9.8

CVE-2021-36888

WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise

Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.
Mögliche Gegenmaßnahme
Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier ): Update to version 9.6.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BlockseraImage Hover Effects SwPlatformwordpress Version < 9.6.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier )
Version *-9.6.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.74% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
audit@patchstack.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://patchstack.com/database/vulnerability/image-hover-effects-ultimate/wordpress-image-hover-effects-ultimate-plugin-9-6-1-unauthenticated-arbitrary-options-update-leading-to-full-website-compromise
Third Party Advisory
https://wordpress.org/plugins/image-hover-effects-ultimate/#developers
Vendor Advisory
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4fcc97-1b6b-4411-8b55-0ef7a2c8d44e
Third Party Advisory