CVE-2020-15020

Опубликовано: 31 авг. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.

Ссылки

http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin/
Third Party Advisory
https://wordpress.org/plugins/elementor/#developers
Product
Third Party Advisory
http://hidden-one.co.in/2020/07/07/cve-2020-1020-stored-xss-on-elementor-wordpress-plugin/
Third Party Advisory
https://wordpress.org/plugins/elementor/#developers
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*

Версия до 2.9.13 (включая)

EPSS

Процентиль: 36%

0.00153

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7x76-6536-qg4c