exploitDog

CVE-2024-5212

Опубликовано: 31 авг. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Ссылки

https://tagdiv.com/newspaper/
Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/db95415a-5354-498b-8368-58c47d9948de?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:wordpress:*:*

Версия до 5.1 (исключая)

EPSS

Процентиль: 70%

0.00622

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vh3x-cjp8-qvxc

CVSS3: 6.1

github

больше 1 года назад

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

EPSS

Процентиль: 70%

0.00622

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79