Описание
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party Advisory
- ProductThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.5.0 (включая) до 4.5.6 (исключая)
cpe:2.3:a:wpbakery_page_builder_clipboard_project:wpbakery_page_builder_clipboard:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 37%
0.00162
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages.
EPSS
Процентиль: 37%
0.00162
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79