CyberRota
← Ana sayfaya dön

CVE-2026-12684

UNKNOWN · CVSS N/A

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-16T07:16:47.210 · Çekilme zamanı: 2026-07-16T12:08:05.496011+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir.

CVE
CVE-2026-12684
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.