exploitDog

CVE-2023-1420

Опубликовано: 24 апр. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Ссылки

https://wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*

Версия до 4.11.1 (исключая)

cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:pro:wordpress:*:*

Версия до 4.26.2 (исключая)

EPSS

Процентиль: 35%

0.00146

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-cq3h-xfg9-7523

CVSS3: 6.1

github

почти 3 года назад

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS

Процентиль: 35%

0.00146

Низкий

6.1 Medium

CVSS3

Дефекты