ГлавнаяУязвимости → CVE-2015-10140
8.8высокая

CVE-2015-10140

Описание

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Затрагиваемое ПО
Connekthq Ajax load more
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/9f0c926e-0609-4c89-a724-88e16bcfa82a