6.1
CVE-2021-25086
- EPSS 21.64%
- Published 02.05.2022 16:15:08
- Last modified 21.11.2024 05:54:19
- Source contact@wpscan.com
Advanced Page Visit Counter <= 5.0.8 - Unauthenticated Cross-Site Scripting
The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it.
Possible mitigation
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: Update to version 6.0.0, or a newer patched version
Further vulnerability information
- System: WordPress Plugin
- Product: Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
- Version: * - 5.0.8
Data provided by the National Vulnerability Database (NVD)
Advanced Page Visit Counter Project ≫ Advanced Page Visit Counter, SwPlatform: wordpress, Version < 6.1.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.64% | 0.955 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.