exploitDog

CVE-2024-3241

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/a645daee-42ea-43f8-9480-ef3be69606e0/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a645daee-42ea-43f8-9480-ef3be69606e0/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dotcamp:ultimate_blocks:*:*:*:*:*:wordpress:*:*

Версия до 3.1.7 (исключая)

EPSS

Процентиль: 55%

0.00326

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-xrrj-cr4g-f623

CVSS3: 5.4

github

больше 1 года назад

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 55%

0.00326

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79