8.8
CVE-2020-12074
- EPSS 0.55%
- Published 23.04.2020 02:15:11
- Last modified 21.11.2024 04:59:13
- Source cve@mitre.org
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation
Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
Possible mitigation
Comments Import & Export: Update to version 2.1.11, or a newer patched version
Order Export & Order Import for WooCommerce: Update to version 1.6.1, or a newer patched version
Order XML File Export Import for WooCommerce: Update to version 1.3.1, or a newer patched version
Product Reviews Import Export for WooCommerce: Update to version 1.3.3, or a newer patched version
Export and Import Users and Customers: Update to version 1.3.9, or a newer patched version
XML File Export Import for Stamps.com and WooCommerce: Update to version 1.1.9, or a newer patched version
Product Import Export for WooCommerce – Import Export Product CSV Suite: Update to version 1.7.5, or a newer patched version
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | Comments Import & Export | [*, 2.1.11) |
| WordPress Plugin | Order Export & Order Import for WooCommerce | [*, 1.6.1) |
| WordPress Plugin | Order XML File Export Import for WooCommerce | [*, 1.3.1) |
| WordPress Plugin | Product Reviews Import Export for WooCommerce | [*, 1.3.3) |
| WordPress Plugin | Export and Import Users and Customers | [*, 1.3.9) |
| WordPress Plugin | XML File Export Import for Stamps.com and WooCommerce | [*, 1.1.9) |
| WordPress Plugin | Product Import Export for WooCommerce – Import Export Product CSV Suite | [*, 1.7.5) |

Data provided by the National Vulnerability Database (NVD)
Webtoffee ≫ Import Export Wordpress Users, SwPlatform: wordpress, Version < 1.3.9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.672 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| cve@mitre.org | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.