CVE-2021-24290

Опубликовано: 17 мая 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

Ссылки

https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
Third Party Advisory
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
Third Party Advisory
https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
Third Party Advisory
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:de-baat:store_locator_plus:*:*:*:*:*:wordpress:*:*

Версия до 5.5.15 (включая)

EPSS

Процентиль: 87%

0.03211

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m467-x355-47w9

github

больше 3 лет назад