CVE-2021-24504
WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS)
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 ago 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either via CSRF or as any user (including unauthenticated)
Produtos afetados
Unknown · WP LMS – Best WordPress LMS PluginQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →