资产安全
商业安全
安全服务
返回- 漏洞ID:
- 漏洞类型:其他
- 发布日期:2026-02-05 00:00:00
- 更新时间:2026-02-06 00:00:00
- CVE编号:CVE-2026-1271
- CNNVD-ID:CNNVD-202602-862
- 漏洞平台:WordPress
- CVSS评分:
暂无
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin ProfileGrid 5.9.7.2及之前版本存在安全漏洞,该漏洞源于用户授权检查之外调用update_user_meta函数,可能导致不安全的直接对象引用。
来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.6.7/public/partials/coverimg_crop.php#L60 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.6.7/public/partials/crop.php#L73 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/coverimg_crop.php#L60 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/crop.php#L73 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3448434%40profilegrid-user-profiles-groups-and-communities&new=3448434%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail= 来源:www.wordfence.com 链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/712535ce-8c38-4944-aa0a-36d9bacaeb67?source=cve
微信扫码关注公众号
