exploitDog

CVE-2023-6529

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

Ссылки

https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a
Third Party Advisory
https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rextheme:wp_vr:*:*:*:*:*:wordpress:*:*

Версия до 8.3.15 (исключая)

EPSS

Процентиль: 67%

0.00532

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-95jv-pcxp-g9qj

CVSS3: 6.1

github

около 2 лет назад

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

EPSS

Процентиль: 67%

0.00532

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79