exploitDog

CVE-2021-24433

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor

Ссылки

https://wpscan.com/vulnerability/2ce8c786-ba82-427c-b5e7-e3b300a24c5f/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/2ce8c786-ba82-427c-b5e7-e3b300a24c5f/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yukimichi:simple_sort\&search:*:*:*:*:*:wordpress:*:*

Версия до 0.0.3 (включая)

EPSS

Процентиль: 50%

0.00266

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f6fq-4q55-rg2f

CVSS3: 5.4

github

около 2 лет назад

The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor

EPSS

Процентиль: 50%

0.00266

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79