Cross site scripting

2023-01-1616:15:00

PRIOn knowledge base

www.prio-n.com

convertkit wordpress plugin

cross-site scripting

stored xss

low-role users

security vulnerability

0.001 Low

EPSS

Percentile

23.5%

JSON

The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.

CPENameOperatorVersion
convertkit_-_email_marketing\\,_email_newsletter_and_landing_pageslt2.0.5

CPE	Name	Operator	Version
	convertkit_-_email_marketing\\,_email_newsletter_and_landing_pages	lt	2.0.5

References

wpscan.com/vulnerability/5101a979-7a53-40bf-8988-6347ef851eab

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for PRION:CVE-2022-4508