exploitDog

CVE-2021-25113

Published: 04 Apr 2022
Source: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS: Low

Description

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Vulnerable configurations

Configuration 1
cpe:2.3:a:dropdown_menu_widget_project:dropdown_menu_widget:*:*:*:*:*:wordpress:*:*
Versions up to and including 1.9.7

EPSS

Percentile: 40%
0.0018
Low

5.4 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
github
almost 4 years ago

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
