Description
The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterparts. Unfortunately, some of these regexes may match patterns they shouldn't, ultimately making it possible for users with the Contributor role and above to perform Stored XSS attacks.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
- Version before 13.8 (excluding)
- Version before 3.4.8 (excluding)
One of:
cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:automattic:jetpack_boost:*:*:*:*:*:wordpress:*:*
EPSS
Score: 0.00039 (percentile: 11%), Low
CVSS3
5.9 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.9
github
9 months ago
The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterparts. Unfortunately, some of these regexes may match patterns they shouldn't, ultimately making it possible for users with the Contributor role and above to perform Stored XSS attacks.
EPSS
Score: 0.00039 (percentile: 11%), Low
CVSS3
5.9 Medium
Weaknesses
CWE-79