CVE-2021-39333
Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Productos afectados
Hashthemes · Hashthemes Demo Importer¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →