CVE-2024-5533

Опубликовано: 18 июн. 2024

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

https://www.elegantthemes.com/api/changelog/divi.txt
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/6571a899-f217-434f-bbed-b1faf77a8d8b?source=cve
Third Party Advisory
https://www.elegantthemes.com/api/changelog/divi.txt
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/6571a899-f217-434f-bbed-b1faf77a8d8b?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elegantthemes:divi:*:*:*:*:*:wordpress:*:*

Версия до 4.25.2 (исключая)

EPSS

Процентиль: 42%

0.00201

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v437-gvmx-8wm3

CVSS3: 6.4

github

больше 1 года назад

EPSS

Процентиль: 42%

0.00201

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79