漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. Page Layout Builder is a layout builder for WordPress.
The vulnerability exists in /page-layout-builder/includes/layout-settings.php source file that fails to sanitize user supplied input received via the 'layout_settings_id' variable. An unauthenticated, remote attacker could exploit this vulnerability by transmitting malicious HTTP GET requests to the targeted system.
Affected Versions:
Page Layout Builder plugin before 1.9.3 for WordPress
漏洞危害
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.
解决方案
N/A
0day
文章评论