9.8
CVE-2019-6703
- EPSS 26.08%
- Veröffentlicht 27.01.2019 02:29:00
- Zuletzt bearbeitet 21.11.2024 04:46:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTotal Donations <= 2.0.5 - Missing Authorization to Arbitrary Options Update
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
Mögliche Gegenmaßnahme
Total Donations: Update to version 3.0.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Calmar-webmedia ≫ Total Donations SwPlatformwordpress Version <= 2.0.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Total Donations
Version
*-2.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.08% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
https://wpvulndb.com/vulnerabilities/9208
https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/206c3f15-72d2-4aac-9500-0f794485639e