exploitDog

CVE-2021-24567

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Ссылки

https://wpscan.com/vulnerability/a3cd3115-2181-4e14-8b39-4de096433847/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a3cd3115-2181-4e14-8b39-4de096433847/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nickmomrik:simple_post:*:*:*:*:*:wordpress:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-6552-h6m4-jfx9

CVSS3: 5.4

github

около 2 лет назад

The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

EPSS

Процентиль: 47%

0.0024

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79