exploitDog

CVE-2023-0368

Опубликовано: 19 июн. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:responsive_tabs_for_wpbakery_page_builder_project:responsive_tabs_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 26%

0.00092

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-whcw-47jx-jgvj

CVSS3: 5.4

github

больше 2 лет назад

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 26%

0.00092

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Уязвимость CVE-2023-0368