Source |
CVE Liste |
Identifiant |
8316333 |
Date de publication |
2023-03-07 14:15:09 (vue: 2023-03-07 16:06:51) |
Titre |
CVE-2020-36669 |
Texte |
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. |
Envoyé |
Oui |
Condensat |
2020 36669 action administrator arbitrary attackers backup can clicking cross cve due files forged forgery function get granted guard import including jetbackup link makes migrate missing nonce performing plugin possible request restore server site such trick unauthenticated upload validation versions vulnerable wordpress รข€“ |
Tags |
|
Stories |
|
Notes |
|
Move |
|