exploitDog

CVE-2021-25031

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

Ссылки

https://plugins.trac.wordpress.org/changeset/2648086
Patch
Third Party Advisory
https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2648086
Patch
Third Party Advisory
https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oxilab:image_hover_effects_ultimate:*:*:*:*:*:wordpress:*:*

Версия до 9.7.1 (исключая)

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-7m9j-p3mv-mpfr

github

около 4 лет назад

The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79