Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitPaolo EliaWPEX-ID:2E78735A-A7FC-41FE-8284-45BF451EFF06
HistoryJun 19, 2023 - 12:00 a.m.

Multiple Plugins - Cross-Site Scripting From Third-party Library

2023-06-1900:00:00
Paolo Elia
76
third-party library
reflected xss
plugin settings
webp image
images
page visit
stored xss
post content
frontend exploit

EPSS

0.001

Percentile

30.2%

JSON

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.

WP-Optimize - Reflected Cross-Site Scripting

1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image".
2. Visit the page: /?s=<script>alert(/XSS/)</script>

SrbTransLatin - Contributor+ Stored Cross-Site Scripting

1. Create a post and add the following content: <script>alert(/XSS/)</script>
2. Load the post on the frontend, and see the XSS alert.

Related

cvelist 1
nvd 1
wpvulndb 1
prion 1
cve 1
openvas 1
wordfence 1
cvelist
cvelist
CVE-2023-1119 Multiple Plugins - Cross-Site Scripting From Third-party Library
2023-07-10 12:40:23
nvd
nvd
CVE-2023-1119
2023-07-10 16:15:48
wpvulndb
wpvulndb
Multiple Plugins - Cross-Site Scripting From Third-party Library
2023-06-19 00:00:00
prion
prion
Cross site scripting
2023-07-10 16:15:00
cve
cve
CVE-2023-1119
2023-07-10 16:15:48
openvas
openvas
WordPress WP-Optimize Plugin < 3.2.13 XSS Vulnerability
2023-07-12 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023)
2023-07-13 16:59:37

EPSS

0.001

Percentile

30.2%

JSON
Related for WPEX-ID:2E78735A-A7FC-41FE-8284-45BF451EFF06
cvelist1nvd1wpvulndb1prion1cve1openvas1wordfence1