Lucene search
Ngo Van Thien (Alliance project)PATCHSTACK:36A1912AE37528F330105B8338050CC7HistoryApr 26, 2022 - 12:00 a.m.
WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload
2022-04-2600:00:00
Ngo Van Thien (Alliance project)
patchstack.com
9
0.001 Low
EPSS
Percentile
26.4%
Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Tripetto plugin (versions <= 5.1.4).
Solution
Update the WordPress Tripetto plugin to the latest available version (at least 5.2.0).
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress form builder plugin for contact forms, surveys and quizzes – tripetto | le | 5.1.4 |
Related
cvelist
cvelist
wpvulndb
wpvulndb
Tripetto < 5.2.0 - Unauthenticated Stored Cross-Site Scripting
2022-04-26 00:00:00
nvd
nvd
CVE-2021-36895
2022-04-26 19:15:49
cve
cve
CVE-2021-36895
2022-04-26 19:15:49
prion
prion
Cross site scripting
2022-04-26 19:15:00