exploitDog

CVE-2023-1324

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Ссылки

https://wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8f510b8c-b97a-44c9-a36d-2d775a4f7b81
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yikesinc:easy_forms_for_mailchimp:*:*:*:*:*:wordpress:*:*

Версия до 6.8.8 (исключая)

EPSS

Процентиль: 39%

0.00168

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-292r-c8r5-h2g9

CVSS3: 6.1

github

больше 2 лет назад

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS

Процентиль: 39%

0.00168

Низкий

6.1 Medium

CVSS3

Дефекты