Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-2762

Опубликовано: 13 июн. 2024
Источник: nvd
CVSS3: 5.4
CVSS3: 6.3
EPSS Низкий

Описание

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*
Версия до 2.4.15 (исключая)
cpe:2.3:a:fooplugins:foogallery:*:*:*:*:premium:wordpress:*:*
Версия до 2.4.15 (исключая)

EPSS

Процентиль: 53%
0.00306
Низкий

5.4 Medium

CVSS3

6.3 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-q2px-mjvm-3h6f

CVSS3: 5.4
github
больше 1 года назад

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

EPSS

Процентиль: 53%
0.00306
Низкий

5.4 Medium

CVSS3

6.3 Medium

CVSS3

Дефекты

CWE-79