exploitDog

CVE-2022-1028

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Ссылки

https://wpscan.com/vulnerability/16fc08ec-8476-4f3c-93ea-6a51ed880dd5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/16fc08ec-8476-4f3c-93ea-6a51ed880dd5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miniorange:wordpress_security:*:*:*:*:*:wordpress:*:*

Версия до 4.2.1 (исключая)

EPSS

Процентиль: 52%

0.00287

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-p7f4-wpx9-f83x

CVSS3: 4.8

github

больше 3 лет назад

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

EPSS

Процентиль: 52%

0.00287

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79