exploitDog

CVE-2023-1905

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003

Ссылки

https://wpscan.com/vulnerability/b6ac3e15-6f39-4514-a50d-cca7b9457736
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b6ac3e15-6f39-4514-a50d-cca7b9457736
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:timersys:wp_popups:*:*:*:*:*:wordpress:*:*

Версия до 2.1.5.1 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-qr32-r782-79j4

CVSS3: 5.4

github

больше 2 лет назад

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты