CVE-2022-2118 in 404s Plugininformation

Résumé

par MITRE • 17/07/2022

The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Réserver

17/06/2022

Divulgation

17/07/2022

Modérer

accepté

Entrée

VDB-204020

CPE

prêt

EPSS

0.00493

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!