Описание
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.3 (исключая)
cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 39%
0.00177
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
github
почти 4 года назад
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.
EPSS
Процентиль: 39%
0.00177
Низкий
2.7 Low
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
CWE-89