exploitDog

CVE-2021-36920

Опубликовано: 14 янв. 2022

Источник: nvd

CVSS3: 4.8

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).

Ссылки

https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-reflected-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/download-monitor/#developers
Release Notes
Third Party Advisory
https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-reflected-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/download-monitor/#developers
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*

Версия до 4.4.6 (включая)

EPSS

Процентиль: 44%

0.00215

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-6vjf-f548-f65r

github

около 4 лет назад

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6).

EPSS

Процентиль: 44%

0.00215

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79