exploitDog

CVE-2024-3075

Опубликовано: 26 апр. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/450375f6-a9d4-49f6-8bab-867774372795/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/450375f6-a9d4-49f6-8bab-867774372795/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mmilan81:mm-email2image:*:*:*:*:*:*:*:*

Версия до 0.2.5 (включая)

EPSS

Процентиль: 67%

0.00536

Низкий

8.1 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-jgfj-pqpg-7r5f

CVSS3: 8.1

github

почти 2 года назад

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 67%

0.00536

Низкий

8.1 High

CVSS3

Дефекты

CWE-79