CVE-2021-24703 - CERT CVE

  1. CVE-2021-24703

ID CVE-2021-24703
Sažetak The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Reference
CVSS
Base: 3.5
Impact: 2.9
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL NONE
CVSS vektor AV:N/AC:M/Au:S/C:N/I:P/A:N
Zadnje važnije ažuriranje 24-10-2022 - 16:32
Objavljeno 23-11-2021 - 20:15