exploitDog

CVE-2024-5417

Опубликовано: 29 авг. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Ссылки

https://wpscan.com/vulnerability/fb7d6839-9ccb-4a0f-9dca-d6841f666a1b/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gutentor:gutentor:*:*:*:*:*:wordpress:*:*

Версия до 3.3.6 (исключая)

EPSS

Процентиль: 38%

0.00169

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gv48-7crg-mcfr

CVSS3: 5.4

github

больше 1 года назад

The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

EPSS

Процентиль: 38%

0.00169

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79