7.2
CVE-2021-4451
- EPSS 0.62%
- Veröffentlicht 16.10.2024 07:15:11
- Zuletzt bearbeitet 30.10.2024 17:44:27
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginNinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).
Mögliche Gegenmaßnahme
NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall: Update to version 4.3.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nintechnet ≫ Ninjafirewall SwPlatformwordpress Version <= 4.3.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall
Version
[*, 4.3.4)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.449 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://blog.nintechnet.com/security-issue-fixed-in-ninjafirewall-wp-edition/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1fc6c9-50cd-40fd-a777-9eed98aab797