Описание
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.01 (включая)
Одновременно
Одно из
cpe:2.3:a:cartpauj:shortcode-redirect:*:*:*:*:*:*:*:*
cpe:2.3:a:cartpauj:shortcode-redirect:1.0.00:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
2.1 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
EPSS
Процентиль: 30%
0.0011
Низкий
2.1 Low
CVSS2
Дефекты
CWE-79