CVE-2023-5538

Опубликовано: 18 окт. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 6.1

EPSS Средний

Описание

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

https://github.com/juweihuitao/MpOperationLogs/
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/common.php#L10
Product
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/template/ipslist_td.php
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=cve
Exploit
Third Party Advisory
https://github.com/juweihuitao/MpOperationLogs/
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/common.php#L10
Product
https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/template/ipslist_td.php
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=cve
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mrpeng:mpoperationlogs:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (включая)

EPSS

Процентиль: 93%

0.11199

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-r22f-cv66-85xr

CVSS3: 7.2

github

больше 2 лет назад

EPSS

Процентиль: 93%

0.11199

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79