脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_send_nf_email AJAX Action
脆弱性説明
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the saved_admin_email, saved_user_email, and saved_user_email_address fields of arbitrary form entries belonging to other users, and cause the site to dispatch attacker-controlled email content to attacker-chosen recipient addresses.
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
脆弱性タイプ
授权机制缺失
脆弱性タイトル
webaways NEX-Forms – Ultimate Forms Plugin for WordPress 授权问题漏洞
脆弱性説明
webaways NEX-Forms – Ultimate Forms Plugin for WordPress是webaways的WordPress表单插件。 webaways NEX-Forms – Ultimate Forms Plugin for WordPress 9.2.2及之前版本存在授权问题漏洞,该漏洞源于插件未正确验证用户授权行为,可能导致未经验证的攻击者覆盖其他用户表单条目中的saved_admin_email、saved_user_email和saved_user_email_add
CVSS情報
N/A
脆弱性タイプ
N/A