Описание
The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Ссылки
- Patch
- Product
- Third Party Advisory
- Patch
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 17.0.17 (включая)
cpe:2.3:a:getshieldsecurity:shield_security:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 97%
0.34496
Средний
7.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
EPSS
Процентиль: 97%
0.34496
Средний
7.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79