CVE-2020-8549

Опубликовано: 03 фев. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.

Ссылки

http://packetstormsecurity.com/files/156369/WordPress-Strong-Testimonials-2.40.1-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10056
Third Party Advisory
https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-strong-testimonials-plugin/
Exploit
Third Party Advisory
https://www.jinsonvarghese.com/stored-xss-vulnerability-in-strong-testimonials-plugin/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/156369/WordPress-Strong-Testimonials-2.40.1-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt
Release Notes
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10056
Third Party Advisory
https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-strong-testimonials-plugin/
Exploit
Third Party Advisory
https://www.jinsonvarghese.com/stored-xss-vulnerability-in-strong-testimonials-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:wordpress:*:*

Версия до 2.40.1 (исключая)

EPSS

Процентиль: 68%

0.00564

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4x75-37xv-wgwv