exploitDog

CVE-2021-24296

Опубликовано: 24 мая 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

Ссылки

https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*

Версия до 3.5.6 (исключая)

EPSS

Процентиль: 40%

0.00186

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-r7g7-h9q3-437j

github

больше 3 лет назад

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

EPSS

Процентиль: 40%

0.00186

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79