exploitDog

CVE-2023-1126

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/87ce3c59-b234-47bf-abca-e690b53bbe82
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp_fevents_book_project:wp_fevents_book:*:*:*:*:*:wordpress:*:*

Версия до 0.46 (включая)

EPSS

Процентиль: 35%

0.00148

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-93f7-6pj6-f9gr

CVSS3: 5.4

github

почти 3 года назад

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks

EPSS

Процентиль: 35%

0.00148

Низкий

5.4 Medium

CVSS3

Дефекты