Lucene search

GitHub Advisory DatabaseGHSA-QF99-3QRG-G97Q

HistoryMay 14, 2022 - 3:49 a.m.

WPGlobus plugin Stored XSS & CSRF security vulnerability

2022-05-1403:49:04

CWE-79

GitHub Advisory Database

github.com

wpglobus

plugin

wordpress

xss

csrf

security

vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.

Affected configurations

Vulners

Node

wpglobuswpglobusRange≤1.9.6

VendorProductVersionCPE
wpglobuswpglobus*cpe:2.3:a:wpglobus:wpglobus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpglobus	wpglobus	*	cpe:2.3:a:wpglobus:wpglobus::::::::

References

github.com/advisories/GHSA-qf99-3qrg-g97q

github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md

nvd.nist.gov/vuln/detail/CVE-2018-5367

wpvulndb.com/vulnerabilities/9003

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for GHSA-QF99-3QRG-G97Q