Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-4010

Опубликовано: 12 дек. 2022
Источник: nvd
CVSS3: 4.8
EPSS Низкий

Описание

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:webdevocean:image_hover_effects:*:*:*:*:*:wordpress:*:*
Версия до 5.3 (включая)

EPSS

Процентиль: 37%
0.00157
Низкий

4.8 Medium

CVSS3

Дефекты

Связанные уязвимости

github логотип

GHSA-2777-r28v-7m99

CVSS3: 4.8
github
почти 3 года назад

The Image Hover Effects WordPress plugin through 5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS

Процентиль: 37%
0.00157
Низкий

4.8 Medium

CVSS3

Дефекты