How severe is CVE-2021-24154?

CVE-2021-24154 has a CVSS v3 score of 4.9 (MEDIUM).

CVE-2021-24154

Name: theme_editor
Author: themeeditor

4.9MEDIUM

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web s

Опубликовано: 4/5/2021Обновлено: 11/21/2024

Описание

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd

ИИ-АнализНа базе ИИ

Затронутые продукты

themeeditortheme_editor

Ссылки

https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e
Third Party Advisory
https://wpscan.com/vulnerability/566c6836-fc3d-4dd9-b351-c3d9da9ec22e
Third Party Advisory