Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-2g6g-hhqw-63q5

Опубликовано: 15 мая 2025
Источник: github
Github: Не прошло ревью
CVSS3: 6.1

Описание

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

EPSS

Процентиль: 4%
0.00021
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

CVSS3: 6.1
nvd
4 месяца назад

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

EPSS

Процентиль: 4%
0.00021
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-352