Lucene search
Bob MatyasWPEX-ID:76E000E0-314F-4E39-8871-68BF8CC95B22HistoryApr 24, 2024 - 12:00 a.m.
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-04-2400:00:00
Bob Matyas
33
security
vulnerability
exploit
update
xss
may 08 2024
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Go to https://example.com/wp-admin/options-general.php?page=month-name-translation-benaceur
2. For the name of the month "January" add the payload `"><script>alert(1)></script>
3. Click "Save Changes" and see the XSSRelated
vulnrichment
vulnrichment
CVE-2024-3634 month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-05-15 06:00:04
nvd
nvd
CVE-2024-3634
2024-05-15 06:15:13
wpvulndb
wpvulndb
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-04-24 00:00:00
cvelist
cvelist
CVE-2024-3634 month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-05-15 06:00:04
cve
cve
CVE-2024-3634
2024-05-15 06:15:13
wordfence
wordfence
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:76E000E0-314F-4E39-8871-68BF8CC95B22