exploitDog

GHSA-6645-2q63-p5rq

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed

Ссылки

EPSS

Процентиль: 43%

0.00206

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-24773

CVSS3: 4.8

nvd

больше 4 лет назад

The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed

EPSS

Процентиль: 43%

0.00206

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79