Vulnerability ID: CVE-2024-3628
Score: N/A
Consequences of malicious exploitation: web phishing, user information disclosure
Source: WPScan
Published: 2024-05-07 06:15:09
Updated: 2024-05-07 06:15:09
Type: Cross-site scripting (XSS)
Description: The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected components:
References:
https://wpscan.com/vulnerability/171af8eb-ceeb-403a-abc2-969d9535a4c9/