Описание
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Ссылки
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.4 (исключая)
cpe:2.3:a:essentialplugin:popup_anything:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 46%
0.00231
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 4 лет назад
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
CVSS3: 5.4
fstec
больше 4 лет назад
Уязвимость плагина The Popup Anything WordPress системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
Процентиль: 46%
0.00231
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79