wpexploit
Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez
WPEX-ID:3C114E14-9113-411D-91F3-2E2DAEB40739
History: May 08, 2024 - 12:00 a.m.

Gianism <= 5.1.0 - Admin+ Stored XSS

gianism stored xss
admin+
poc
may 22 2024
update

AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

1. Go to https://example.com/wp-admin/options-general.php?page=gianism&view=setting
2. In the "URL Prefix" field, enter the payload `<img src=xss onerror=alert(1)>`
3. Save and see the XSS
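
One way to close this class of bug in a WordPress settings page, as an added example that is not Gianism's code or the vendor's patch: validate the setting on save and escape it on output. The option name, settings group and function names are hypothetical, and the allowed character set and length for the prefix are assumptions.

```php
<?php
// Added example. EXAMPLE_OPTION and the example_* functions are hypothetical
// names, not Gianism identifiers.
const EXAMPLE_OPTION = 'example_url_prefix';

// Sanitize on save. A URL prefix is a path segment, so validate it against an
// allowlist (assumed here: 1-64 letters, digits, "-" or "_") instead of trying
// to strip dangerous markup. The callback runs for every user and never
// consults the unfiltered_html capability.
function example_sanitize_url_prefix( $value ) {
	$value = is_string( $value ) ? trim( $value ) : '';
	if ( '' !== $value && ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $value ) ) {
		add_settings_error(
			EXAMPLE_OPTION,
			'invalid_url_prefix',
			'URL Prefix may contain only letters, digits, "-" and "_".'
		);
		return get_option( EXAMPLE_OPTION, '' ); // keep the previously stored value
	}
	return $value;
}

add_action( 'admin_init', function () {
	register_setting( 'example_settings_group', EXAMPLE_OPTION, array(
		'type'              => 'string',
		'sanitize_callback' => 'example_sanitize_url_prefix',
		'default'           => '',
	) );
} );

// Escape on output. Values stored before the fix, or written to the database
// by another path, are still untrusted when they are rendered.
function example_render_url_prefix_field() {
	$value = get_option( EXAMPLE_OPTION, '' );
	// Unsafe: echo '<input name="example_url_prefix" value="' . $value . '">';
	printf(
		'<input type="text" name="%s" value="%s" class="regular-text">',
		esc_attr( EXAMPLE_OPTION ),
		esc_attr( $value )
	);
}
```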
