← back
CVE-2023-0551

REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion

EPSS 0.3%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments