Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rwph-88j2-jxq8

Опубликовано: 17 дек. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 6.4

Описание

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

EPSS

Процентиль: 12%
0.00039
Низкий

6.4 Medium

CVSS3

CVE ID

CVE-2025-13537

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2025-13537

CVSS3: 6.4
nvd
около 2 месяцев назад

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS

Процентиль: 12%
0.00039
Низкий

6.4 Medium

CVSS3

CVE ID

CVE-2025-13537

Дефекты

CWE-79