7.2
CVE-2024-13900
- EPSS 0.27%
- Veröffentlicht 21.02.2025 12:15:30
- Zuletzt bearbeitet 25.02.2025 04:02:36
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginHead, Footer and Post Injections <= 3.3.0 - Authenticated (Administrator+) PHP Code Injection in Multisite Environments
The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.
Mögliche Gegenmaßnahme
Head, Footer and Post Injections: Update to version 3.3.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Head, Footer and Post Injections
Version
*-3.3.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Satollo ≫ Head, Footer, And Post Injections SwPlatformwordpress Version < 3.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.5 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 4.1 | 0.7 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.