Description

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Related CPE's

a

minapper

rest_api_to_miniprogram

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d

Exploit

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-16T12:15:12.150

11 months ago

Last modified

2023-11-07T04:00:46.560

8 months ago