CVE-2022-34648

Опубликовано: 23 авг. 2022

Источник: nvd

CVSS3: 4.8

CVSS3: 5.4

EPSS Низкий

Описание

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

Ссылки

https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers
Product
Third Party Advisory
https://patchstack.com/database/vulnerability/uploading-svgwebp-and-ico-files/wordpress-uploading-svg-webp-and-ico-files-plugin-1-0-0-authenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/uploading-svgwebp-and-ico-files/#developers
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uploading_svg\,_webp_and_ico_files_project:uploading_svg\,_webp_and_ico_files:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 41%

0.00192

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-cmqg-5hgq-7vq9

CVSS3: 5.4

github

больше 3 лет назад

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

EPSS

Процентиль: 41%

0.00192

Низкий

4.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79