exploitDog

CVE-2022-1029

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Ссылки

https://wpscan.com/vulnerability/0e74eeb4-89e2-4873-904f-ad4f25c4a8ba
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0e74eeb4-89e2-4873-904f-ad4f25c4a8ba
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:miniorange:limit_login_attempts:*:*:*:*:*:wordpress:*:*

Версия до 4.0.72 (исключая)

EPSS

Процентиль: 42%

0.00197

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5vgw-hh7v-325x

CVSS3: 4.8

github

больше 3 лет назад

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

EPSS

Процентиль: 42%

0.00197

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79