exploitDog

CVE-2025-13537

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

EPSS

Процентиль: 10%

0.00034

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rwph-88j2-jxq8

CVSS3: 6.4

github

около 2 месяцев назад

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS

Процентиль: 10%

0.00034

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-79