exploitDog

CVE-2021-24976

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 2.6

EPSS Низкий

Описание

The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting

Ссылки

https://plugins.trac.wordpress.org/changeset/2637305
Patch
Third Party Advisory
https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2637305
Patch
Third Party Advisory
https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wbolt:smart_seo_tool:*:*:*:*:*:wordpress:*:*

Версия до 3.0.6 (исключая)

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-555p-jhmj-xhrc

github

около 4 лет назад

The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-79