exploitDog

CVE-2023-5348

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.

Ссылки

https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 5.0.3 (исключая)

EPSS

Процентиль: 70%

0.00636

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v6cw-g4v9-gjmf

CVSS3: 6.1

github

около 2 лет назад

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.

EPSS

Процентиль: 70%

0.00636

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79