7.5
CVE-2019-11807
- EPSS 1.47%
- Veröffentlicht 06.05.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:21:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion
The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.
Mögliche Gegenmaßnahme
Checkout Field Manager (Checkout Manager) for WooCommerce: Update to version 4.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Visser ≫ Woocommerce Checkout Manager SwPlatformwordpress Version < 4.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Checkout Field Manager (Checkout Manager) for WooCommerce
Version
*-4.2.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.47% | 0.704 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpvulndb.com/vulnerabilities/9262
https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/37d13a43-13f4-460d-b5ea-5def8a379d54