exploitDog

CVE-2021-24634

Опубликовано: 27 сент. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/a49c5a5b-57c0-4801-8bf1-cd3a05b12288
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a49c5a5b-57c0-4801-8bf1-cd3a05b12288
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpzoom:recipe_card_blocks_for_gutenberg_\&_elementor:*:*:*:*:*:wordpress:*:*

Версия до 2.8.3 (исключая)

EPSS

Процентиль: 42%

0.00197

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2q7f-v24g-xfqg

github

больше 3 лет назад

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.

EPSS

Процентиль: 42%

0.00197

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79