8.8
CVE-2022-38140
- EPSS 0.74%
- Veröffentlicht 28.11.2022 20:15:16
- Zuletzt bearbeitet 21.11.2024 07:15:52
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginSEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
Mögliche Gegenmaßnahme
SEO Plugin by Squirrly SEO: Update to version 12.1.11, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
SEO Plugin by Squirrly SEO
Version
*-12.1.10
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squirrly ≫ Seo Plugin By Squirrly Seo SwPlatformwordpress Version <= 12.1.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.74% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.