ГлавнаяУязвимости → CVE-2024-13862
7.1высокая

CVE-2024-13862

Описание

The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Затрагиваемое ПО
S3bubble S3bubble-amazon-web-services-oembed-media-streaming-support
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Источники
https://wpscan.com/vulnerability/7692b768-a33f-45a2-90f1-1f4258493979/https://wpscan.com/vulnerability/7692b768-a33f-45a2-90f1-1f4258493979/