← voltar
CVE-2021-25105

Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting

EPSS 0.6%CWE-79
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Produtos afetados
Unknown · Ivory Search – WordPress Search Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f