Описание
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.4 (исключая)
cpe:2.3:a:postsnippets:post_snippets:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 36%
0.00149
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 9.6
github
почти 4 года назад
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files, allowing attacker to make a logged In admin import arbitrary snippets. Furthermore, imported snippers are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues
EPSS
Процентиль: 36%
0.00149
Низкий
9.6 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352