PT-2017-12333 · WordPress · Event List
Ning1022
·
Publicado
2017-08-01
·
Atualizado
2017-08-10
·
CVE-2017-12068
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Event List plugin version 0.7.9
Description
The issue concerns a problem with the slug array parameter in the
wp-admin/admin.php endpoint, specifically in the el admin categories delete bulk action, allowing for XSS.Recommendations
For Event List plugin version 0.7.9, avoid using the
delete bulk action in the el admin categories until a fix is available. As a temporary workaround, consider restricting access to the wp-admin/admin.php endpoint to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Event List