exploitDog

CVE-2023-5653

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins

Ссылки

https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wassup_real_time_analytics_project:wassup_real_time_analytics:*:*:*:*:*:wordpress:*:*

Версия до 1.9.4.5 (включая)

EPSS

Процентиль: 68%

0.00576

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4q47-vc82-p724

CVSS3: 6.1

github

около 2 лет назад

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins

EPSS

Процентиль: 68%

0.00576

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79