PT-2019-7734 · Podlove · Podlove-Podcasting-Plugin-For-Wordpress

Publicado

2019-09-13

Atualizado

2019-09-13

CVE-2016-10941

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions podlove-podcasting-plugin-for-wordpress versions prior to 2.3.16

Description The issue concerns a Cross-Site Scripting (XSS) exploit that is achievable via Cross-Site Request Forgery (CSRF). This means an attacker could potentially execute malicious scripts on a user's browser, leveraging the user's session to perform unauthorized actions on the web application.

Recommendations For versions prior to 2.3.16, update to version 2.3.16 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-10941

Produtos afetados

Podlove-Podcasting-Plugin-For-Wordpress

PT-2019-7734 · Podlove · Podlove-Podcasting-Plugin-For-Wordpress

CVE-2016-10941

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7