CVE-2025-28253
CVE-2025-28253
Título es
CVE-2025-28253
Jue, 27/03/2025 – 23:15
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-28253
Descripción en
Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST['sites'], $_POST['clients'], and $_POST['search'] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts.
28/03/2025
28/03/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Enviar en el boletín
Off
