Описание
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.4 (исключая)
cpe:2.3:a:wpengine:genesis_blocks:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 22%
0.00069
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
9 месяцев назад
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
EPSS
Процентиль: 22%
0.00069
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-79