exploitDog

CVE-2024-13625

Опубликовано: 17 фев. 2025

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Ссылки

https://wpscan.com/vulnerability/6bfabf1d-86f2-4d29-bc55-d618d757dcc6/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gualdoni:tube_video_ads_lite:*:*:*:*:*:wordpress:*:*

Версия до 1.5.7 (включая)

EPSS

Процентиль: 8%

0.00029

Низкий

7.1 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-php9-vq53-w2xm

CVSS3: 4.7

github

12 месяцев назад

The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS

Процентиль: 8%

0.00029

Низкий

7.1 High

CVSS3

Дефекты

CWE-79