Описание
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
Ссылки
- https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.htmlExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Release Notes
- ExploitIssue TrackingVendor Advisory
- Third Party Advisory
- https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.htmlExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- Release Notes
- ExploitIssue TrackingVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:z-url_preview_project:z-url_preview:1.6.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 74%
0.00799
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
EPSS
Процентиль: 74%
0.00799
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79