wpvulndb | WPVDB-ID:CE23EC26-9C61-4546-A179-9FE87019CEE4
History: May 23, 2024 - 12:00 a.m.

EmbedPress < 3.9.13 - Contributor+ PDF Block Embedding

2024-05-23 00:00:00
wpscan.com
vulnerable plugin insufficient authorization pdf embedding authenticated attackers contributor-level access

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.6
Confidence: High

Description

The plugin is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.
