wpexploit | Juampa Rodríguez | WPEX-ID:0F1C1F1C-ACDD-4C8A-BD5E-A21F4915E69F
History: Jun 19, 2023 - 12:00 a.m.

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

2023-06-19 00:00:00
Juampa Rodríguez
accessibility button cross-site scripting admin+ plugin security vulnerability stored payload exploit

EPSS: 0.001 Low
Percentile: 19.6%

Description

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

1. In the plugin's "Quick Start" field, add the payload: `"><script>alert(/XSS/)</script>`
2. Save the changes, submit the request and you will see the XSS exploit.
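
The fix pattern for this class of bug, as an added example that is not the plugin's own code: sanitize the setting when it is saved and escape it for its output context. The option name `cnab_quick_start`, the settings group `cnab_settings` and the function names are hypothetical, and the field is assumed to be echoed into an HTML attribute, as the `">` prefix of the payload suggests.

```php
<?php
// Added example: hypothetical plugin code, not the plugin's actual source.
// The option name 'cnab_quick_start' and group 'cnab_settings' are assumed.

// Vulnerable pattern: the stored value is echoed raw, so a value beginning
// with "> closes the attribute and the tag, and the rest is parsed as HTML.
function cnab_render_field_vulnerable() {
	$value = get_option( 'cnab_quick_start', '' );
	echo '<input type="text" name="cnab_quick_start" value="' . $value . '">';
}

// Fix, part 1: sanitize on save. The callback runs for every user, so the
// result does not depend on whether the account holds unfiltered_html.
function cnab_sanitize_quick_start( $input ) {
	// sanitize_text_field() strips tags and line breaks. It does not encode
	// quotes, which is why output escaping (part 2) is still required.
	return is_scalar( $input ) ? sanitize_text_field( (string) $input ) : '';
}

function cnab_register_settings() {
	register_setting(
		'cnab_settings',
		'cnab_quick_start',
		array(
			'type'              => 'string',
			'sanitize_callback' => 'cnab_sanitize_quick_start',
			'default'           => '',
		)
	);
}
add_action( 'admin_init', 'cnab_register_settings' );

// Fix, part 2: escape for the output context (an HTML attribute here), so
// values stored before the fix, or written by other code, are also inert.
function cnab_render_field_hardened() {
	$value = get_option( 'cnab_quick_start', '' );
	printf(
		'<input type="text" name="cnab_quick_start" value="%s">',
		esc_attr( $value )
	);
}
```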
