exploitDog

CVE-2021-24346

Опубликовано: 14 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue

Ссылки

https://codevigilant.com/disclosure/2021/wp-plugin-stock-in/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b
Exploit
Third Party Advisory
https://codevigilant.com/disclosure/2021/wp-plugin-stock-in/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c25146fd-4143-463c-8c85-05dd33e9a77b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stock_in_\&_out_project:stock_in_\&_out:*:*:*:*:*:wordpress:*:*

Версия до 1.0.4 (включая)

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-rmmh-2222-6j4v

github

больше 3 лет назад

The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79