CVE-2021-24936

WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting

EPSS 0.5%CWE-352

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 jan 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

Produtos afetados

Unknown · WP Extra File Types

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/4fb61b84-ff5f-4b4c-a516-54b749f9611e