custom-404-pro Plugin do 3.2.7 na WordPress Reflected cross site scripting

wpiseditHistoryDiffjsonxmlCTI

W custom-404-pro Plugin do 3.2.7 na WordPress (WordPress Plugin) została odkryta podatność. Problemem dotknięta jest nieznana funkcja. Aktualizacja do wersji 3.2.8 eliminuje tę podatność.

Pole2019-08-31 07:502020-08-10 18:06
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
titlewordReflectedReflected
date1567123200 (2019-08-30)1567123200 (2019-08-30)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version3.2.83.2.8
cveCVE-2019-15838CVE-2019-15838
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore6.16.1
namecustom-404-pro Plugincustom-404-pro Plugin
version<=3.2.7<=3.2.7
platformWordPressWordPress
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.73.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss3_meta_basescore5.25.2
cvss3_meta_tempscore4.94.9
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.14.1
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cve_assigned1567036800
cve_nvd_summaryThe custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
typeWordPress Plugin
cwe079 (cross site scripting)
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN

Interested in the pricing of exploits?

See the underground prices here!