exploitDog

CVE-2021-25107

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin

Ссылки

https://plugins.trac.wordpress.org/changeset/2657583
Patch
Third Party Advisory
https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2657583
Patch
Third Party Advisory
https://wpscan.com/vulnerability/3999a1b9-df85-43b1-b412-dc8a6f71cc5d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accesspressthemes:form_store_to_db:*:*:*:*:*:wordpress:*:*

Версия до 1.1.1 (исключая)

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-796r-rh39-cjqr

github

почти 4 года назад

The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79