Code injection

2019-08-2912:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

CPENameOperatorVersion
donationslt1.4

CPE	Name	Operator	Version
	donations	lt	1.4

References

threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/

wordpress.org/plugins/nd-donations/

wpvulndb.com/vulnerabilities/9493