Описание
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.0 (исключая)
cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 32%
0.00126
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
около 2 лет назад
The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.
EPSS
Процентиль: 32%
0.00126
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79