exploitDog

CVE-2024-38744

Опубликовано: 01 нояб. 2024

Источник: nvd

CVSS3: 8.3

EPSS Низкий

Описание

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.

Ссылки

https://patchstack.com/database/vulnerability/qodeblock/wordpress-plum-spin-wheel-email-pop-up-plugin-2-0-broken-access-control-to-unauth-stored-xss-vulnerability?_s_id=cve

EPSS

Процентиль: 41%

0.00192

Низкий

8.3 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-jf3q-9x2q-r3hj

CVSS3: 8.3

github

больше 1 года назад

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.

EPSS

Процентиль: 41%

0.00192

Низкий

8.3 High

CVSS3

Дефекты

CWE-862