Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Directoriespro | Directories Pro | < 1.3.46 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160452/WordPress-DirectoriesPro-1.3.45-CrosExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/15ExploitMailing ListThird Party Advisory
- https://directoriespro.com/directories-pro-1-3-46/Release NotesVendor Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-29304Third Party Advisory
- http://packetstormsecurity.com/files/160452/WordPress-DirectoriesPro-1.3.45-CrosExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/15ExploitMailing ListThird Party Advisory
- https://directoriespro.com/directories-pro-1-3-46/Release NotesVendor Advisory
- https://www.themissinglink.com.au/security-advisories-cve-2020-29304Third Party Advisory
FAQ
What is CVE-2020-29304?
CVE-2020-29304 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a sp...
How severe is CVE-2020-29304?
CVE-2020-29304 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29304?
Check the references section above for vendor advisories and patch information. Affected products include: Directoriespro Directories Pro.