CVE-2024-8968 - CERT CVE
ID CVE-2024-8968
Sažetak The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Reference
CVSS
Base: 4.7
Impact: 1.4
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Zadnje važnije ažuriranje 20-12-2024 - 17:15
Objavljeno 20-12-2024 - 06:15