Lucene search
Lana CodesWPEX-ID:10F7E892-7A91-4292-B03E-6AD75756488BHistoryJan 24, 2023 - 12:00 a.m.
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-01-2400:00:00
Lana Codes
172
spectra 1.15.0 cross-site scripting contact form 7 styler block exploit_css class_alert background red
EPSS
0.001
Percentile
25.5%
The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the pluginโs Gutenberg blocks.
Note: The exploit requires the Contact Form 7 plugin.
Exploit Additional CSS class(es) for โContact Form 7 Stylerโ Gutenberg block:
" onmouseover="alert(1)" style="background:red;"Related
prion
prion
Cross site scripting
2023-02-21 09:15:00
cvelist
cvelist
CVE-2020-36656 Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-02-21 08:50:37
cve
cve
CVE-2020-36656
2023-02-21 09:15:10
nvd
nvd
CVE-2020-36656
2023-02-21 09:15:10
wpvulndb
wpvulndb
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
2023-01-24 00:00:00