exploitDog

GHSA-gmwg-m5q2-qr9g

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

Ссылки

EPSS

Процентиль: 29%

0.00108

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-24683

CVSS3: 5.4

nvd

больше 4 лет назад

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

EPSS

Процентиль: 29%

0.00108

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352