Unpatched High-Severity Vulnerability in Widget Settings Importer/Exporter Plugin
|
Información sobre el sistema
|
|
|
Software afectado |
Wordpress |
Descripción
|
On March 12, 2020, our Threat Intelligence team discovered a stored Cross-Site Scripting (XSS) vulnerability in Widget Settings Importer/Exporter, a WordPress plugin with over 40,000 installations. This flaw allowed an authenticated attacker with minimal, subscriber-level permissions to import and activate custom widgets containing arbitrary JavaScript into a site with the plugin installed. We reached out […]
More info:
https://www.wordfence.com/blog/2020/04/unpatched-high-severity-vulnerability-in-widget-settings-importer-exporter-plugin/ |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
|