Описание
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.69.1 (исключая)
cpe:2.3:a:wp-ban_project:wp-ban:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 76%
0.0097
Низкий
4.8 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 4.8
github
около 3 лет назад
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS3: 4.8
fstec
около 3 лет назад
Уязвимость плагина WP-Ban системы управления содержимым сайта WordPress, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS
Процентиль: 76%
0.0097
Низкий
4.8 Medium
CVSS3