exploitDog

CVE-2023-4294

Опубликовано: 11 сент. 2023

Источник: nvd

CVSS3: 6.1

EPSS Средний

Описание

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.

Ссылки

https://wpscan.com/vulnerability/1fc71fc7-861a-46cc-a147-1c7ece9a7776
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1fc71fc7-861a-46cc-a147-1c7ece9a7776
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaizencoders:url_shortify:*:*:*:*:*:wordpress:*:*

Версия до 1.7.6 (исключая)

EPSS

Процентиль: 97%

0.31928

Средний

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-57cx-38gf-xwrm

CVSS3: 6.1

github

больше 2 лет назад

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.

EPSS

Процентиль: 97%

0.31928

Средний

6.1 Medium

CVSS3

Дефекты