ГлавнаяУязвимости → CVE-2021-47979
8.8высокая

CVE-2021-47979

Описание

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted file_name and folder_name parameters to delete arbitrary files from the WordPress installation directory.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://wordpress.org/plugins/backup-and-restore-for-wp/https://www.exploit-db.com/exploits/50503https://www.miniorange.com/https://www.vulncheck.com/advisories/wordpress-plugin-backup-and-restore-arbitrary-file-deletion