wpexploit | Lana Codes | WPEX-ID: 5754A4FD-1ADF-47AA-976F-3B28750058C2
History: Jan 16, 2023 - 12:00 a.m.

Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS

2023-01-16 00:00:00
Lana Codes
Tags: stored xss, contributor+, contextual related posts, css classes

EPSS: 0.001 (percentile 25.5%)

The plugin does not validate or escape some of its block options before outputting them back into the page or post where the block is embedded. This allows users with the Contributor role or above to perform Stored Cross-Site Scripting attacks.

1. Insert a "Contextual Related Posts" block, and give it the following additional CSS classes: " onmouseover="alert(1)" style="background:red;"

2. Hover over the block where it's inserted to trigger the XSS
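The root cause described above is a block option that reaches the page markup without attribute escaping. As an added example (not the plugin's own code; the render callback name, the `crp_example_` helpers and the option key are assumptions, and the WordPress functions `sanitize_html_class()` and `esc_attr()` are assumed to be loaded), this shows the unsafe concatenation pattern beside a hardened render path for the block's `className` attribute, which is the value the block inspector's "Additional CSS class(es)" field populates:

```php
<?php
// Added example, not code from the Contextual Related Posts plugin.
// Assumes WordPress is loaded so sanitize_html_class() and esc_attr() exist.

/**
 * Reduce a user-supplied "additional CSS classes" string to a
 * whitespace-separated list of valid class names.
 * sanitize_html_class() keeps only A-Z, a-z, 0-9, '-' and '_', so quotes,
 * '=', '<' and '>' can never survive into the output.
 */
function crp_example_sanitize_classes( $raw ) {
    $classes = array();
    foreach ( preg_split( '/\s+/', (string) $raw, -1, PREG_SPLIT_NO_EMPTY ) as $token ) {
        $clean = sanitize_html_class( $token );
        if ( '' !== $clean ) {
            $classes[] = $clean;
        }
    }
    return implode( ' ', array_unique( $classes ) );
}

/**
 * Unsafe pattern (hypothetical): the block attribute is concatenated into
 * the wrapper's class attribute verbatim. A value containing a double quote
 * closes the attribute and any following text becomes new attributes.
 */
function crp_example_render_unsafe( $attributes ) {
    $class_name = isset( $attributes['className'] ) ? $attributes['className'] : '';
    return '<div class="crp-block ' . $class_name . '">...</div>';
}

/**
 * Hardened pattern: sanitize the value to plain class names, then escape
 * for the HTML attribute context at the point of output.
 */
function crp_example_render_safe( $attributes ) {
    $class_name = isset( $attributes['className'] ) ? $attributes['className'] : '';
    $class_name = crp_example_sanitize_classes( $class_name );
    $wrapper    = trim( 'crp-block ' . $class_name );
    return '<div class="' . esc_attr( $wrapper ) . '">...</div>';
}
```

With the attribute value quoted in the advisory, `crp_example_sanitize_classes()` yields only harmless tokens (the quotes, `=` signs and parentheses are stripped), so the wrapper stays a valid class list; `esc_attr()` is kept as a second layer because it encodes any remaining double quote as `&quot;` and therefore prevents the attribute from being closed even if a future code path skips sanitization. Either layer alone would stop the reported injection, but escaping at output is the check that should never be omitted.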

