ГлавнаяУязвимости → CVE-2024-5488
9.8критическая

CVE-2024-5488

→ есть в БДУ: BDU:2024-04897 (на русском)
Описание (на английском; русское — в БДУ выше)

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.

Затрагиваемое ПО
Seopress Seopress
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/28507376-ded0-4e1a-b2fc-2182895aa14c/https://wpscan.com/vulnerability/28507376-ded0-4e1a-b2fc-2182895aa14c/