exploitDog

CVE-2023-4811

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*

Версия до 4.23.3 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-p3qx-72c8-xc9p

CVSS3: 5.4

github

больше 2 лет назад

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты