5.4
CVE-2024-0756
- EPSS 0.18%
- Published 04.06.2024 15:15:44
- Last modified 03.03.2026 18:16:21
- Source contact@wpscan.com
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Stored Cross-Site Scripting via Code Injection
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.
Possible mitigation
Insert or Embed Articulate Content into WordPress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Further vulnerability information
System: WordPress Plugin
Product: Insert or Embed Articulate Content into WordPress
Version: *-4.3000000023
Data provided by the National Vulnerability Database (NVD)
Elearningfreak ≫ Insert Or Embed Articulate Content (SwPlatform: wordpress), Version <= 4.3000000023
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.388 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.