Lucene search
China National Vulnerability DatabaseCNVD-2022-86364HistoryNov 30, 2022 - 12:00 a.m.
WordPress Simple:Press plugin has cross-site scripting vulnerability
2022-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
wordpress
simple:press
plugin
cross-site scripting
vulnerability
php
parameter filtering
profile signature
attack
0.001 Low
EPSS
Percentile
19.6%
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Simple:Press 6.8 and earlier versions have a cross-site scripting vulnerability that stems from the “postitem” parameter during profile saving operations when modifying profile signatures. " parameter during the profile save operation when modifying the profile signature lacks effective filtering and escaping of user-supplied data, which can be exploited by attackers to launch cross-site scripting attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress simple:press plugin | le | 6.8 |
Related
prion
prion
Cross site scripting
2022-11-29 21:15:00
wpvulndb
wpvulndb
Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures
2022-11-29 00:00:00
cvelist
cvelist
CVE-2022-4028
2022-11-29 20:08:35
nvd
nvd
CVE-2022-4028
2022-11-29 21:15:11
cve
cve
CVE-2022-4028
2022-11-29 21:15:11