CVE-2022-29430

Опубликовано: 20 мая 2022

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

Ссылки

https://patchstack.com/database/vulnerability/png-to-jpg/wordpress-png-to-jpg-plugin-4-0-cross-site-request-forgery-csrf-leading-to-persistent-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/png-to-jpg/#developers
Product
https://patchstack.com/database/vulnerability/png-to-jpg/wordpress-png-to-jpg-plugin-4-0-cross-site-request-forgery-csrf-leading-to-persistent-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/png-to-jpg/#developers
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:png_to_jpg_project:png_to_jpg:*:*:*:*:*:wordpress:*:*

Версия до 4.0 (включая)

EPSS

Процентиль: 34%

0.00135

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-ch38-2px8-5wrr

CVSS3: 6.1

github

больше 3 лет назад

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

EPSS

Процентиль: 34%

0.00135

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79