CVE-2019-14796

Опубликовано: 09 авг. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.

Ссылки

https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers
Release Notes
https://wpvulndb.com/vulnerabilities/9515
Third Party Advisory
https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/
Exploit
Third Party Advisory
https://wordpress.org/plugins/mq-woocommerce-products-price-bulk-edit/#developers
Release Notes
https://wpvulndb.com/vulnerabilities/9515
Third Party Advisory
https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mq-woocommerce-products-price-bulk-edit_project:mq-woocommerce-products-price-bulk-edit:2.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 42%

0.00204

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4rf6-4w52-c8p7