Lucene search
Lana CodesWPEX-ID:00C34BA8-B82E-4BB9-90B1-1AFEFAE75948HistoryJan 06, 2023 - 12:00 a.m.
Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode
2023-01-0600:00:00
Lana Codes
61
xss
stored
shortcode
exploit
post slider
0.001 Low
EPSS
Percentile
23.3%
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Exploit shortcode:
[wpspw_recent_post_slider design='" onmouseover="alert(1)" style="background:red;"']Related
prion
prion
Cross site scripting
2023-01-30 21:15:00
nvd
nvd
CVE-2022-4793
2023-01-30 21:15:12
cvelist
cvelist
wpvulndb
wpvulndb
cve
cve
CVE-2022-4793
2023-01-30 21:15:12