exploitDog

CVE-2024-5715

Опубликовано: 13 июл. 2024

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Ссылки

https://wpscan.com/vulnerability/d86bc001-51ae-4dcc-869b-80c91251cc2e/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d86bc001-51ae-4dcc-869b-80c91251cc2e/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tipsandtricks-hq:wp_emember:*:*:*:*:*:wordpress:*:*

Версия до 10.6.7 (исключая)

EPSS

Процентиль: 29%

0.00107

Низкий

7.1 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f55m-xr77-gph2

CVSS3: 7.1

github

больше 1 года назад

The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS

Процентиль: 29%

0.00107

Низкий

7.1 High

CVSS3

Дефекты

CWE-79