Lucene search
Fuzzyap1WPEX-ID:69B178F3-5951-4879-9BBE-183951D002ECHistoryFeb 21, 2022 - 12:00 a.m.
WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
2022-02-2100:00:00
fuzzyap1
88
wordpress
admin
stored xss
EPSS
0.001
Percentile
21.4%
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Put the following payload in any of text field settings of the plugin (such as 'Home Page Menu Label'): "><svg onload=alert(/XSS/)>Related
prion
prion
Cross site scripting
2022-03-14 15:15:00
cnvd
cnvd
WordPress WP Home Page Menu plugin cross-site scripting vulnerability
2022-03-16 00:00:00
cve
cve
CVE-2022-0684
2022-03-14 15:15:10
cvelist
cvelist
CVE-2022-0684 WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
2022-03-14 14:41:45
nvd
nvd
CVE-2022-0684
2022-03-14 15:15:10
patchstack
patchstack
wpvulndb
wpvulndb
WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
2022-02-21 00:00:00