exploitDog

CVE-2021-24619

Опубликовано: 13 сент. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

Ссылки

https://wpscan.com/vulnerability/f360f383-0646-44ca-b49e-e2258dfbf3a6
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f360f383-0646-44ca-b49e-e2258dfbf3a6
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:evona:per_page_add_to_head:*:*:*:*:*:wordpress:*:*

Версия до 1.4.4 (включая)

EPSS

Процентиль: 43%

0.00206

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hcj7-753j-h8mf

github

больше 3 лет назад

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

EPSS

Процентиль: 43%

0.00206

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79