Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitShivam RaiWPEX-ID:14B29450-2450-4B5F-8630-BB2CBFBD0A83
HistorySep 28, 2021 - 12:00 a.m.

Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting

2021-09-2800:00:00
Shivam Rai
301
motopress
cross site scripting
admin+
stored cross site scripting
menu items
wordpress

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

* Click on "Add New" under Restaurant Menu Plugin.
* Give any random title like Testing_XSS
* All fields under Nutrition Facts and Portion Size are susceptible to XSS
 "><script>alert(1)</script>
* XSS will trigger on visits to Menu Items in wp-admin as well as on the Menu Item's public pages.

Related

prion 1
cve 1
nvd 1
cnvd 1
wpvulndb 1
cvelist 1
prion
prion
Cross site scripting
2021-11-01 09:15:00
cve
cve
CVE-2021-24722
2021-11-01 09:15:08
nvd
nvd
CVE-2021-24722
2021-11-01 09:15:08
cnvd
cnvd
WordPress Restaurant Menu by MotoPress Plugin Cross-Site Scripting Vulnerability
2021-11-04 00:00:00
wpvulndb
wpvulndb
Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
2021-09-28 00:00:00
cvelist
cvelist
CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
2021-11-01 08:46:12

EPSS

0.001

Percentile

24.8%

JSON
Related for WPEX-ID:14B29450-2450-4B5F-8630-BB2CBFBD0A83
prion1cve1nvd1cnvd1wpvulndb1cvelist1