exploitDog

CVE-2021-24389

Опубликовано: 06 июл. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

Ссылки

https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b
Exploit
Vendor Advisory
https://wpscan.com/vulnerability/23b8b8c4-cded-4887-a021-5f3ea610213b
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chimpgroup:foodbakery:*:*:*:*:*:wordpress:*:*

Версия до 2.2 (исключая)

EPSS

Процентиль: 94%

0.13968

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w88c-8753-jmrg

github

больше 3 лет назад

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.

EPSS

Процентиль: 94%

0.13968

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79