Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-13851

Опубликовано: 28 фев. 2025
Источник: nvd
CVSS3: 5.5
CVSS3: 4.8
EPSS Низкий

Описание

The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:internet-formation:modal_portfolio:*:*:*:*:*:wordpress:*:*
Версия до 1.7.4.2 (включая)

EPSS

Процентиль: 33%
0.00131
Низкий

5.5 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79
CWE-79

Связанные уязвимости

github логотип

GHSA-fp3v-vr72-3gmh

CVSS3: 5.5
github
11 месяцев назад

The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

EPSS

Процентиль: 33%
0.00131
Низкий

5.5 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79
CWE-79