exploitDog

CVE-2024-5811

Опубликовано: 12 июл. 2024

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Ссылки

https://wpscan.com/vulnerability/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quantumcloud:simple_video_directory:*:*:*:*:*:*:*:*

Версия до 1.4.4 (исключая)

EPSS

Процентиль: 42%

0.00202

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-33q9-6qmp-35mw

CVSS3: 5.4

github

больше 1 года назад

The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS

Процентиль: 42%

0.00202

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79