PT-2020-14487 · WordPress · Vanguard

Thelastvvv

Published

2020-07-05

Updated

2020-07-10

CVE-2020-15537

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Vanguard plugin version 2.1 for WordPress

Description An issue was discovered that allows XSS to occur via the mails/new title field, a product field to the "p/" URI, or the Products Search box.

Recommendations For Vanguard plugin version 2.1, consider disabling the mails/new title field, restricting access to product fields, and limiting the use of the Products Search box until a fix is available. Avoid using the p/ URI with untrusted input.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-15537

Affected Products

Vanguard

PT-2020-14487 · WordPress · Vanguard

CVE-2020-15537

Weakness Enumeration

Related Identifiers

Affected Products

References · 5