exploitDog

GHSA-gx24-fg4m-2f7m

Опубликовано: 15 мая 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

Ссылки

EPSS

Процентиль: 81%

0.01495

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-0852

CVSS3: 8.8

nvd

9 месяцев назад

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

EPSS

Процентиль: 81%

0.01495

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79