exploitDog

CVE-2018-5214

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.

Ссылки

https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md
Exploit
Third Party Advisory
https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/
Broken Link
https://github.com/d4wner/Vulnerabilities-Report/blob/master/Add-Link-to-Facebook.md
Exploit
Third Party Advisory
https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-add-link-to-facebook/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:add_link_to_facebook_project:add_link_to_facebook:*:*:*:*:*:wordpress:*:*

Версия до 2.3 (включая)

EPSS

Процентиль: 48%

0.00247

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vm86-6r2x-j7gv

CVSS3: 5.4

github

больше 3 лет назад

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.

EPSS

Процентиль: 48%

0.00247

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79