exploitDog

CVE-2021-24642

Опубликовано: 18 окт. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS

Ссылки

https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scroll_banner_project:scroll_banner:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 36%

0.00154

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-mm76-wgcc-5xg2

CVSS3: 6.5

github

больше 3 лет назад

The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to make logged in admin change them and could lead to RCE (via a file upload) as well as XSS

EPSS

Процентиль: 36%

0.00154

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79