exploitDog

CVE-2021-24683

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 4.3

EPSS Низкий

Описание

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

Ссылки

https://wpscan.com/vulnerability/54f95b51-5804-4bee-9e4a-f73b8ef9bbd5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/54f95b51-5804-4bee-9e4a-f73b8ef9bbd5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:awplife:weather_effect:*:*:*:*:*:wordpress:*:*

Версия до 1.3.4 (исключая)

EPSS

Процентиль: 29%

0.00108

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-gmwg-m5q2-qr9g

CVSS3: 5.4

github

больше 3 лет назад

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

EPSS

Процентиль: 29%

0.00108

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79