exploitDog

GHSA-897r-hcfg-v9vh

Опубликовано: 25 сент. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

Ссылки

EPSS

Процентиль: 79%

0.01316

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-4549

CVSS3: 6.1

nvd

больше 2 лет назад

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

EPSS

Процентиль: 79%

0.01316

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79