Описание
The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.7 (исключая)Версия до 1.0.7 (включая)
Одно из
cpe:2.3:a:gsheetconnector:elementor_forms_google_sheet_connector:*:*:*:*:free:wordpress:*:*
cpe:2.3:a:gsheetconnector:elementor_forms_google_sheet_connector:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 28%
0.00099
Низкий
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
EPSS
Процентиль: 28%
0.00099
Низкий
6.1 Medium
CVSS3