漏洞标题
教会管理员<3.4.135 - 未授权插件的备份揭示
漏洞描述信息
教会管理 < 3.4.135 - 未验证插件的备份泄露
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure
漏洞描述信息
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
WordPress plugin Church Admin 安全漏洞
漏洞描述信息
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Church Admin 3.4.135之前存在安全漏洞,该漏洞源于该插件在其某些动作和请求文件中没有进行授权和跨站请求伪造检查。
CVSS信息
N/A
漏洞类别
其他