PT-2017-12333 · WordPress · Event List

Ning1022 · Published 2017-08-01 · Updated 2017-08-10 · CVE-2017-12068

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Event List plugin version 0.7.9

Description
The issue concerns a problem with the slug array parameter in the wp-admin/admin.php endpoint, specifically in the el admin categories delete bulk action, allowing for XSS.

Recommendations
For Event List plugin version 0.7.9, avoid using the delete bulk action in the el admin categories until a fix is available. As a temporary workaround, consider restricting access to the wp-admin/admin.php endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-12068

Affected Products

Event List