CVE-2024-39682

Опубликовано: 18 июл. 2024

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/XjSv/Cooked/security/advisories/GHSA-fx69-f77x-84gr
Exploit
Vendor Advisory
https://github.com/XjSv/Cooked/security/advisories/GHSA-fx69-f77x-84gr
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boxystudio:cooked:*:*:*:*:pro:wordpress:*:*

Версия до 1.8.0 (исключая)

EPSS

Процентиль: 81%

0.01465

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-116

CWE-79

EPSS

Процентиль: 81%

0.01465

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-116

CWE-79