exploitDog

CVE-2021-24994

Опубликовано: 28 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

Ссылки

https://wpscan.com/vulnerability/ea74257a-f6b0-49e9-a81f-53c0eb81b1da
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ea74257a-f6b0-49e9-a81f-53c0eb81b1da
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:*

Версия до 0.9.69 (исключая)

EPSS

Процентиль: 87%

0.0352

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3mw8-p9vq-vwxw

CVSS3: 6.1

github

почти 4 года назад

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

EPSS

Процентиль: 87%

0.0352

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79