exploitDog

CVE-2022-1549

Опубликовано: 13 июн. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.

Ссылки

https://wpscan.com/vulnerability/afef06f5-71a6-4372-9648-0db59f9b254f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/afef06f5-71a6-4372-9648-0db59f9b254f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_athletics_project:wp_athletics:*:*:*:*:*:wordpress:*:*

Версия до 1.1.7 (включая)

EPSS

Процентиль: 48%

0.00247

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x9ch-v34x-c7q3

CVSS3: 5.4

github

больше 3 лет назад

The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.

EPSS

Процентиль: 48%

0.00247

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79