exploitDog

CVE-2021-24431

Опубликовано: 13 сент. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users

Ссылки

https://wpscan.com/vulnerability/ae50cec9-5f80-4221-b6a8-4593ab66c37b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ae50cec9-5f80-4221-b6a8-4593ab66c37b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:language_bar_flags_project:language_bar_flags:*:*:*:*:*:wordpress:*:*

Версия до 1.0.8 (включая)

EPSS

Процентиль: 35%

0.00144

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-32wp-2wg5-3q9c

CVSS3: 4.3

github

больше 3 лет назад

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users

EPSS

Процентиль: 35%

0.00144

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79