6.1

CVE-2015-10128

rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting

Royal PrettyPhoto <= 1.2 - Authenticated Stored Cross-Site Scripting

A vulnerability classified as problematic was found in the rt-prettyphoto plugin up to 1.2 for WordPress. It affects the function royal_prettyphoto_plugin_links in the file rt-prettyphoto.php. The manipulation leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 1.3 addresses this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability.
Possible countermeasure
Royal PrettyPhoto: Update to version 1.3, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Royaltechbd Royal Prettyphoto, SwPlatform: wordpress, Version: < 1.3
Additional vulnerability information
System: WordPress Plugin
Product: Royal PrettyPhoto
Version: *-1.2
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.46% | 0.366
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d38cfa487481b66869e4212df1cefc281ecb7 (Patch)
https://vuldb.com/?ctiid.249422 (Third Party Advisory)
https://vuldb.com/?id.249422 (Third Party Advisory)
https://www.wordfence.com/threat-intel/vulnerabilities/id/62de6922-f3f2-4996-a749-2d6d3a8be042 (Third Party Advisory)