CVE-2020-7228

Опубликовано: 22 янв. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.

Ссылки

https://spider-security.co.uk/blog-cve-2020-7228
Third Party Advisory
https://wordpress.org/plugins/calculated-fields-form/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10043
Third Party Advisory
https://spider-security.co.uk/blog-cve-2020-7228
Third Party Advisory
https://wordpress.org/plugins/calculated-fields-form/#developers
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10043
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codepeople:calculated_fields_form:*:*:*:*:*:wordpress:*:*

Версия до 1.0.353 (включая)

EPSS

Процентиль: 69%

0.00614

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5rr8-65f3-j756

github

больше 3 лет назад