exploitDog

CVE-2023-0367

Опубликовано: 17 апр. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/d7685af2-6034-49ea-93ef-4debe72689bc
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d7685af2-6034-49ea-93ef-4debe72689bc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pricing_tables_for_wpbakery_page_builder_project:pricing_tables_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 34%

0.00137

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-9vxp-r8hx-2p35

CVSS3: 5.4

github

почти 3 года назад

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 34%

0.00137

Низкий

5.4 Medium

CVSS3

Дефекты