exploitDog

CVE-2025-12065

Опубликовано: 04 нояб. 2025

Источник: nvd

CVSS3: 4.4

EPSS Низкий

Описание

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon_js_script' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Ссылки

EPSS

Процентиль: 12%

0.0004

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wqmw-2cq3-rr6p

CVSS3: 4.4

github

3 месяца назад

The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon_js_script' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

EPSS

Процентиль: 12%

0.0004

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-79