exploitDog

CVE-2021-24922

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 9

CVSS2: 6

EPSS Низкий

Описание

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fatcatapps:pixel_cat:*:*:*:*:*:wordpress:*:*

Версия до 2.6.2 (исключая)

EPSS

Процентиль: 29%

0.00107

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-7x28-3j26-66f5

github

около 4 лет назад

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks

EPSS

Процентиль: 29%

0.00107

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-352