exploitDog

CVE-2024-3692

Опубликовано: 03 мая 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/6f100f85-3a76-44be-8092-06eb8595b0c9/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/6f100f85-3a76-44be-8092-06eb8595b0c9/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jegstudio:gutenverse:*:*:*:*:free:wordpress:*:*

Версия до 1.9.1 (исключая)

EPSS

Процентиль: 39%

0.00177

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fxmj-37cj-x4r5

CVSS3: 6.1

github

почти 2 года назад

The Gutenverse WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 39%

0.00177

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79