Описание
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.2 (исключая)Версия до 5.5.2 (исключая)
Одно из
cpe:2.3:a:admincolumns:admin_columns:*:*:*:*:free:wordpress:*:*
cpe:2.3:a:admincolumns:admin_columns:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 53%
0.00295
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.
EPSS
Процентиль: 53%
0.00295
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79