exploitDog

GHSA-8593-q8c6-2ggq

Опубликовано: 27 июн. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Ссылки

EPSS

Процентиль: 86%

0.02873

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-2178

CVSS3: 4.8

nvd

больше 2 лет назад

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

BDU:2023-07340

CVSS3: 4.8

fstec

больше 2 лет назад

Уязвимость плагина Aajoda Testimonials системы управления содержимым сайта WordPress, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 86%

0.02873

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79