Lucene search
WPScanCVELIST:CVE-2020-36656HistoryFeb 21, 2023 - 8:50 a.m.
CVE-2020-36656 Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-02-2108:50:37
WPScan
www.cve.org
3
spectra
xss
vulnerability
wordpress
plugin
gutenberg
EPSS
0.001
Percentile
25.5%
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin’s Gutenberg blocks.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Spectra",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.15.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2023-02-21 09:15:00
cve
cve
CVE-2020-36656
2023-02-21 09:15:10
nvd
nvd
CVE-2020-36656
2023-02-21 09:15:10
wpvulndb
wpvulndb
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-01-24 00:00:00
wpexploit
wpexploit
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-01-24 00:00:00