CVE-2022-36378

Опубликовано: 29 июл. 2022

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress.

Ссылки

https://patchstack.com/database/vulnerability/floating-div/wordpress-floating-div-plugin-3-0-authenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/floating-div/#developers
Third Party Advisory
https://patchstack.com/database/vulnerability/floating-div/wordpress-floating-div-plugin-3-0-authenticated-stored-cross-site-scripting-xss-vulnerability
Third Party Advisory
https://wordpress.org/plugins/floating-div/#developers
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:floating_div_project:floating_div:*:*:*:*:*:wordpress:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 55%

0.00322

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3wq5-2gjw-q95m