关键信息 漏洞概述 名称: Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS) 描述: 该插件在 ulpb_post 管理页面的 page-builder-add 区域受到反射型 XSS 影响。 影响的插件 插件: page-builder-add 修复版本: 1.4.9.6 参考链接 CVE: CVE-2021-25067 分类 类型: XSS OWASP Top 10: A7: Cross-Site Scripting (XSS) CWE: CWE-79 CVSS: 6.1 (中等) 其他信息 发现者: Krzysztof Zając 提交者网站: https://kazet.cc/ 已验证: Yes WPVDB ID: 365007f0-61ac-4e81-8a3a-3a068f2c84bc 时间线 公开发布日期: 2021-12-16 添加日期: 2021-12-16 最后更新日期: 2022-04-08 其他相关漏洞 Volunteer Sign Up Sheets < 5.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS) Save as Image < 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting WP Church Center <= 1.3.3 - Reflected Cross-Site Scripting