exploitDog

CVE-2021-36884

Опубликовано: 19 нояб. 2021

Источник: nvd

CVSS3: 4.8

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.

Ссылки

https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-1-5-authenticated-persistent-cross-site-scripting-xss-vulnerability
Patch
Third Party Advisory
https://wordpress.org/plugins/backup-backup/#developers
Third Party Advisory
https://patchstack.com/database/vulnerability/backup-backup/wordpress-backup-migration-plugin-1-1-5-authenticated-persistent-cross-site-scripting-xss-vulnerability
Patch
Third Party Advisory
https://wordpress.org/plugins/backup-backup/#developers
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*

Версия до 1.1.5 (включая)

EPSS

Процентиль: 44%

0.00215

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-5q55-ghjj-wjrp

github

около 4 лет назад

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.

EPSS

Процентиль: 44%

0.00215

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79