Описание
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
Ссылки
- ProductThird Party Advisory
- Third Party Advisory
- https://www.pluginvulnerabilities.com/2019/08/22/gdpr-plugins-for-wordpress-continue-to-be-insecure/ExploitThird Party Advisory
- ProductThird Party Advisory
- Third Party Advisory
- https://www.pluginvulnerabilities.com/2019/08/22/gdpr-plugins-for-wordpress-continue-to-be-insecure/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.19 (исключая)
cpe:2.3:a:shapepress:wp_dsgvo_tools:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
EPSS
Процентиль: 43%
0.00208
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79