漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
Vulnerability Description
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
WordPress Plugin Wordapp 数据伪造问题漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Wordapp Q.5.0及之前版本存在安全漏洞,该漏洞源于函数wa_pdx_op_config_set使用了不充分的加密签名,导致容易受到权限绕过攻击。未经身份验证的攻击者可利用该漏洞更改插件配置。
CVSS Information
N/A
Vulnerability Type
N/A