exploitDog

GHSA-qf3v-9qqm-2rm9

Опубликовано: 21 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

Ссылки

EPSS

Процентиль: 45%

0.00225

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-1889

CVSS3: 4.8

nvd

больше 3 лет назад

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

EPSS

Процентиль: 45%

0.00225

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79