Lucene search
Vinay Varma MudunuriWPEX-ID:48252FFB-F21C-4E2A-8F78-BDC7164E7347HistoryMay 09, 2022 - 12:00 a.m.
No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting
2022-05-0900:00:00
Vinay Varma Mudunuri
66
admin+ stored cross-site scripting
plugin settings
exploit payload
EPSS
0.001
Percentile
24.8%
The plugin does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
Put the following payload in any of the plugin's settings (such as Exclude posts IDs) and save: " autofocus onfocus=alert(/XSS/)//Related
cvelist
cvelist
CVE-2022-1387 No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting
2022-05-30 08:35:44
wpvulndb
wpvulndb
No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting
2022-05-09 00:00:00
patchstack
patchstack
cve
cve
CVE-2022-1387
2022-05-30 09:15:09
prion
prion
Cross site scripting
2022-05-30 09:15:00
nvd
nvd
CVE-2022-1387
2022-05-30 09:15:09