Description

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Related CPE's

a

minapper

rest_api_to_miniprogram

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d

Exploit

https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d

Exploit

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-16T10:15:12.150Z

2 years ago

Last modified

2024-11-21T06:37:23.333Z

1 year ago