WPVDB-ID: 73DED825-3147-491E-B17C-DB6CF4872C4B
Apr 29, 2024 - 12:00 a.m.

Contest Gallery < 21.3.5 - Authenticated (Author+) Arbitrary File Deletion

2024-04-29 00:00:00
wpscan.com
wordpress
plugin vulnerability
data loss

CVSS3: 8.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

AI Score: 6.7
Confidence: High

EPSS: 0
Percentile: 9.0%

Description

The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This makes it possible for authenticated attackers with author-level access and above to delete arbitrary files.
