exploitDog

CVE-2023-1861

Опубликовано: 02 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*

Версия до 1.7.2 (включая)

EPSS

Процентиль: 31%

0.00116

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rvp8-3787-qggj

CVSS3: 5.4

github

почти 3 года назад

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 31%

0.00116

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79