2 matches found
CVE-2020-13487
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...
CVE-2020-13487
The vulnerability is in the bbPress WordPress plugin up to version 2.6.4, where stored XSS exists in the Forum creation section. The issue allows JavaScript execution in the admin interface (wp-admin/edit.php?post_type=forum) and is exploitable by an administrator via the wp-admin/post.php?action...