7.5
CVE-2021-4348
- EPSS 0.6%
- Published 07.06.2023 02:15:13
- Last modified 21.11.2024 06:37:28
- Source security@wordfence.com
Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export
The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.
Possible countermeasure
Ultimate GDPR & CCPA Compliance Toolkit for WordPress: Update to version 2.5, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Ultimate GDPR & CCPA Compliance Toolkit for WordPress
- Version: [*, 2.5)
Data provided by the National Vulnerability Database (NVD)
Createit ≫ Ultimate Gdpr & Ccpa Compliance Toolkit, SwPlatform: wordpress, Version < 2.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.691 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| security@wordfence.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.