CVE-2020-8498

CVE-2020-8498

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).

Source: CVE-2020-8498

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다