← volver
CVE-2020-36656

Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting

CVSS 5.4 MEDIUMEPSS 0.5%
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Spectra

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-6ad75756488b