Описание
The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7 (исключая)Версия до 1.0.8 (исключая)
Одно из
cpe:2.3:a:themepoints:testimonials:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:themepoints:testimonials_pro:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 45%
0.00226
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
около 3 лет назад
The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
EPSS
Процентиль: 45%
0.00226
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79