exploitDog

CVE-2021-24349

Опубликовано: 14 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.

Ссылки

https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66ca
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gallery_from_files_project:gallery_from_files:*:*:*:*:*:wordpress:*:*

Версия до 1.6.0 (включая)

EPSS

Процентиль: 29%

0.00108

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-f672-mxfg-3p82

CVSS3: 6.1

github

больше 3 лет назад

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.

EPSS

Процентиль: 29%

0.00108

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79