Описание
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
Ссылки
- https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.htmlThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Third Party Advisory
- https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.htmlThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pootlepress:pootle_button:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:pootlepress:pootle_button:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:pootlepress:pootle_button:1.1.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 42%
0.00196
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
EPSS
Процентиль: 42%
0.00196
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79