CVE-2021-24143 - CERT CVE

  1. CVE-2021-24143

ID CVE-2021-24143
Sažetak Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.
Reference
CVSS
Base: 6.5
Impact: 6.4
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 22-03-2021 - 19:44
Objavljeno 18-03-2021 - 15:15