exploitDog

CVE-2023-5620

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

Ссылки

https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a03330c2-3ae0-404d-a114-33b18cc47666
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webpushr:web_push_notifications:*:*:*:*:*:wordpress:*:*

Версия до 4.35.0 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vpf6-j6mv-p249

CVSS3: 5.4

github

около 2 лет назад

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79