漏洞标题
将以下内容从英文翻译成中文:
```
ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
```
翻译为:
```
滚动到顶部 <= 1.2.2 - 跨站请求伪造到任意文件上传
```
漏洞描述信息
WordPress的ScrollTo Top插件在1.2.2及之前版本中存在跨站请求伪造(Cross-Site Request Forgery, CSRF)任意文件上传漏洞。这是因为“options_page”函数中缺少nonce验证和文件类型验证。这使得未经身份验证的攻击者能够上传受影响站点服务器上的任意文件。如果攻击者能够诱骗站点管理员执行某些操作(例如点击链接),则可能通过伪造请求实现远程代码执行。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
跨站请求伪造(CSRF)
漏洞标题
ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
漏洞描述信息
The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
WordPress plugin ScrollTo Top 安全漏洞
漏洞描述信息
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin ScrollTo Top 1.2.2 版本及之前版本存在安全漏洞,该漏洞源于存在跨站请求伪造。攻击者利用该漏洞可以上传任意文件。
CVSS信息
N/A
漏洞类别
其他