PT-2017-10991 · Automattic · Wordpress
Larry W. Cashdollar
·
Publicado
2017-09-14
·
Atualizado
2017-09-27
·
CVE-2017-1002002
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
webapp-builder version 2.0
Description
The issue concerns a wordpress plugin that includes unlicensed and vulnerable CMS software from http://www.invedion.com/.
Recommendations
For webapp-builder version 2.0, consider removing or disabling the plugin until a patched version is available. As a temporary workaround, restrict access to any components of the plugin that utilize the vulnerable CMS software to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wordpress