exploitDog

GHSA-43hf-xmxj-8rwm

Опубликовано: 05 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Ссылки

EPSS

Процентиль: 76%

0.00924

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-2224

CVSS3: 4.8

nvd

больше 2 лет назад

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

BDU:2023-07343

CVSS3: 6.1

fstec

больше 2 лет назад

Уязвимость плагина SEO by 10Web системы управления содержимым сайта WordPress, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 76%

0.00924

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79