exploitDog

GHSA-m7g9-v8qx-6hfp

Опубликовано: 15 фев. 2022

Источник: github

Github: Не прошло ревью

Описание

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

Ссылки

EPSS

Процентиль: 39%

0.00177

Низкий

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-25109

CVSS3: 2.7

nvd

почти 4 года назад

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.

EPSS

Процентиль: 39%

0.00177

Низкий

CVE ID

Дефекты

CWE-89