PT-2023-10625 · Bastianallgeier · Bastianallgeier Kirby Webmentions Plugin
Bastianallgeier
·
Published
2023-01-19
·
Updated
2024-05-17
·
CVE-2017-20174
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
bastianallgeier Kirby Webmentions Plugin (affected versions not specified)
Description
A vulnerability was found in the bastianallgeier Kirby Webmentions Plugin, allowing for injection attacks. The manipulation can be launched remotely, but the complexity of the attack is rather high, and exploitation is known to be difficult.
Recommendations
Apply a patch to fix this issue. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bastianallgeier Kirby Webmentions Plugin