exploitDog

CVE-2021-24351

Опубликовано: 14 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)

Ссылки

https://theplusaddons.com/changelog/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016
Exploit
Third Party Advisory
https://theplusaddons.com/changelog/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/2ee62f85-7aea-4b7d-8b2d-5d86d9fb8016
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:posimyth:the_plus_addons_for_elementor:*:*:*:*:*:wordpress:*:*

Версия до 4.1.12 (исключая)

EPSS

Процентиль: 98%

0.54267

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-335g-mg6r-4m22

github

больше 3 лет назад

The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)

EPSS

Процентиль: 98%

0.54267

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79