CVE-2020-25375
CVE-2020-25375 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. EPSS estimates a 0.72% chance of exploitation in the next 30 days.
Description
WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Softrade | Wp Smart Crm & Invoices | 1.8.7 |
References
- https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2 (Exploit, Third Party Advisory, URL Repurposed)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
