Lucene search
FjowelWPEX-ID:3505481D-141A-4516-BDBB-D4DAD4E1EB01HistorySep 05, 2022 - 12:00 a.m.
SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting
2022-09-0500:00:00
Fjowel
196
seo smart links cross-site scripting whitelisted domains exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Put the following payload in the "Whitelisted domains for nofollow exclusion" settings of the plugin: </textarea><script>alert(/XSS/)</script>Related
cnvd
cnvd
WordPress SEO Smart Links Cross-Site Scripting Vulnerability
2022-09-28 00:00:00
prion
prion
Cross site scripting
2022-09-26 13:15:00
patchstack
patchstack
cve
cve
CVE-2022-3135
2022-09-26 13:15:11
wpvulndb
wpvulndb
SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting
2022-09-05 00:00:00
cvelist
cvelist
CVE-2022-3135 SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting
2022-09-26 12:35:45
nvd
nvd
CVE-2022-3135
2022-09-26 13:15:11