CVE-2019-14470

Опубликовано: 04 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Ссылки

http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/cosenary/Instagram-PHP-API/commits/master
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9815
Third Party Advisory
https://www.exploit-db.com/exploits/47304
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/cosenary/Instagram-PHP-API/commits/master
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9815
Third Party Advisory
https://www.exploit-db.com/exploits/47304
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:userproplugin:user_pro:*:*:*:*:*:wordpress:*:*

Версия до 4.9.32 (включая)

EPSS

Процентиль: 97%

0.30592

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gcv6-2v9c-rj48