Lucene search
Lana CodesWPEX-ID:2AB59972-CCFD-48F6-B879-58FB38823CA5HistoryJan 04, 2023 - 12:00 a.m.
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
2023-01-0400:00:00
Lana Codes
54
themify shortcodes
contributor+
stored xss
exploit
shortcode
0.001 Low
EPSS
Percentile
23.5%
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Exploit shortcode:
[themify_button color='red" onmouseover="alert(1)"']XSS[/themify_button]Related
cve
cve
CVE-2022-4787
2023-01-30 21:15:12
cvelist
cvelist
prion
prion
Cross site scripting
2023-01-30 21:15:00
nvd
nvd
CVE-2022-4787
2023-01-30 21:15:12
wpvulndb
wpvulndb
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
2023-01-04 00:00:00