exploitDog

CVE-2024-13113

Опубликовано: 26 фев. 2025

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/ffc31d9d-d245-4c4b-992d-394a01798117/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flickdevs:countdown_timer_for_elementor:*:*:*:*:*:wordpress:*:*

Версия до 1.3.7 (исключая)

EPSS

Процентиль: 26%

0.00093

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gxwp-4448-26fp

CVSS3: 5.9

github

12 месяцев назад

The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

EPSS

Процентиль: 26%

0.00093

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-79