Описание
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.3.21 (исключая)
cpe:2.3:a:squirrly:seo_plugin_by_squirrly_seo:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 30%
0.00109
Низкий
3.5 Low
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 3.5
github
около 1 года назад
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
EPSS
Процентиль: 30%
0.00109
Низкий
3.5 Low
CVSS3
Дефекты
CWE-79