6.1
CVE-2015-10013
- EPSS 0.64%
- Veröffentlicht 05.01.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 02:24:10
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginWebDevStudios taxonomy-switcher Plugin taxonomy-switcher.php taxonomy_switcher_init cross site scripting
Taxonomy Switcher <= 1.0.3 - Reflected Cross-Site Scripting
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability.
Mögliche Gegenmaßnahme
Taxonomy Switcher: Update to version 1.0.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webdevstudios ≫ Taxonomy Switcher SwPlatformwordpress Version < 1.0.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Taxonomy Switcher
Version
*-1.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.457 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099
https://github.com/WebDevStudios/taxonomy-switcher/releases/tag/1.0.4
https://vuldb.com/?ctiid.217446
https://vuldb.com/?id.217446
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f7edb22-1441-4cac-9899-cd27dc313870