CVE-2024-6158 in Category Posts Widget Plugin정보

요약

\~에 의해 MITRE • 2024. 08. 12.

The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

WPScan

예약하다

2024. 06. 19.

모더레이션

수락

항목

VDB-274055

EPSS

0.00415

출처

Might our Artificial Intelligence support you?

Check our Alexa App!