CVE-2023-0038

Опубликовано: 03 янв. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 6.1

EPSS Низкий

Описание

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.

Ссылки

https://plugins.trac.wordpress.org/browser/survey-maker/tags/3.1.4/public/partials/class-survey-maker-submissions-summary-shortcode.php?rev=2839688#L311
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2a58fab-d4a3-4333-8495-e094ed85bb61
Third Party Advisory
https://plugins.trac.wordpress.org/browser/survey-maker/tags/3.1.4/public/partials/class-survey-maker-submissions-summary-shortcode.php?rev=2839688#L311
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a2a58fab-d4a3-4333-8495-e094ed85bb61
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*

Версия до 3.1.3 (включая)

EPSS

Процентиль: 83%

0.01979

Низкий

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-9893-2v8q-6v9r

CVSS3: 6.1

github

больше 2 лет назад

EPSS

Процентиль: 83%

0.01979

Низкий

7.2 High

CVSS3

6.1 Medium

CVSS3