exploitDog

CVE-2023-4820

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

Ссылки

https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*

Версия до 11.0.12 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-hfr4-7364-jv2q

CVSS3: 5.4

github

больше 2 лет назад

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты