exploitDog

CVE-2024-13823

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

Ссылки

https://wpscan.com/vulnerability/dcfd8a03-0a04-4fd1-986d-1e816b1fad19/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/dcfd8a03-0a04-4fd1-986d-1e816b1fad19/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yofla:360_product_rotation:*:*:*:*:*:wordpress:*:*

Версия до 1.5.8 (включая)

EPSS

Процентиль: 33%

0.00131

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-42p9-p46j-wc9w

CVSS3: 6.1

github

9 месяцев назад

The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.

EPSS

Процентиль: 33%

0.00131

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79