CVE-2020-8799

EPSS 0.19%
Veröffentlicht 05.05.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:39:27
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WTI Like Post <= 1.4.5 - Stored Cross-Site Scripting

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.

Mögliche Gegenmaßnahme

WTI Like Post: Update to version 1.4.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WTI Like Post

Version [*, 1.4.6)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webtechideas ≫ Wti Like Post SwPlatformwordpress Version <= 1.4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wordpress.org/plugins/wti-like-post/#developers

Third Party Advisory

Product

https://wpvulndb.com/vulnerabilities/10210

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/21dd21cb-35b7-47df-a9f0-6fd92c45a8ce

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8799

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8799

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8799

EUVD