exploitDog

CVE-2021-24543

Опубликовано: 25 окт. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.

Ссылки

https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jquery-reply-to-comment_project:jquery-reply-to-comment:*:*:*:*:*:wordpress:*:*

Версия до 1.31 (включая)

EPSS

Процентиль: 30%

0.00108

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-c2qq-rpxf-6qmx

CVSS3: 6.1

github

больше 3 лет назад

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.

EPSS

Процентиль: 30%

0.00108

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79