7.6

CVE-2019-25149

Exploit

EPSS 0.11%
Veröffentlicht 07.06.2023 02:15:10
Zuletzt bearbeitet 21.11.2024 04:39:58
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.

Mögliche Gegenmaßnahme

Gallery Images Ape: Update to version 2.0.7, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Gallery Images Ape

Version [*, 2.0.7)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Robogallery ≫ Gallery Images Ape SwPlatformwordpress Version <= 2.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.29

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com	7.6	2.8	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://blog.nintechnet.com/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve

Third Party Advisory

Broken Link

https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-25149

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-25149

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-25149

EUVD