exploitDog

CVE-2024-4217

Опубликовано: 13 июл. 2024

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.

Ссылки

https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:pro:wordpress:*:*

Версия до 7.1.5 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f44w-q987-x489

CVSS3: 4.7

github

больше 1 года назад

The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.

EPSS

Процентиль: 33%

0.00134

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79