CVE-2019-25152

Опубликовано: 22 июн. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 6.1

EPSS Средний

Описание

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.

Ссылки

https://plugins.trac.wordpress.org/changeset/2033212
Patch
https://wpscan.com/vulnerability/9229
Third Party Advisory
https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2033212
Patch
https://wpscan.com/vulnerability/9229
Third Party Advisory
https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 5.2.0 (исключая)

cpe:2.3:a:tychesoftwares:abandoned_cart_pro_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 7.12.0 (включая)

EPSS

Процентиль: 97%

0.30617

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-pp7h-37gh-6jqq

CVSS3: 7.2

github

больше 2 лет назад

EPSS

Процентиль: 97%

0.30617

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3