exploitDog

CVE-2022-3935

Опубликовано: 12 дек. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/906c5122-dd6d-494b-b66c-4162e234ea05
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/906c5122-dd6d-494b-b66c-4162e234ea05
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*

Версия до 2.8.4 (исключая)

EPSS

Процентиль: 46%

0.00231

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-cchx-3mjj-hjj4

CVSS3: 5.4

github

около 3 лет назад

The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 46%

0.00231

Низкий

5.4 Medium

CVSS3

Дефекты