eID Easy < 4.7 - Reflected Cross-Site Scripting

2021-09-1700:00:00

wpscan.com

0.001 Low

EPSS

Percentile

29.3%

JSON

The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts.

CPENameOperatorVersion
smart-idlt4.7

CPE	Name	Operator	Version
	smart-id	lt	4.7

References

www.wordfence.com/vulnerability-advisories/#CVE-2021-34650

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for WPVDB-ID:03F39571-CCE0-49C9-9C27-251A259B4D85