wpexploit | Ameen Alkurdy | WPEX-ID: 87CE3C59-B234-47BF-ABCA-E690B53BBE82
History: Apr 03, 2023 - 12:00 a.m.

WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

Published: 2023-04-03 00:00:00
Author: Ameen Alkurdy
46
Tags: wordpress, fevents book, stored xss, subscriber role, security exploit

EPSS: 0.001 (Low), percentile 23.5%

The plugin does not sanitise and escape some parameters, which could allow any authenticated user, such as a Subscriber, to perform Cross-Site Scripting attacks.

1. Create an event page using the plugin.
2. Access the page using an account with Subscriber role.
3. In the 'User notes' section, inject the following XSS payload: `<img src=q onerror=prompt(/XSS/)>`
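The root cause described above is user-supplied "User notes" being stored and echoed without sanitisation or escaping. The following is an added illustration, not the WP FEvents Book plugin's own code: a hypothetical save/render pair for such a field, first in the vulnerable shape the advisory describes and then hardened with a nonce check, input sanitisation and output escaping. All function names, the meta key and the form field names are assumptions.

```php
<?php
// Hypothetical handlers for a per-event "User notes" field (not the plugin's code).

// VULNERABLE: the raw POST value is stored and the raw meta value is echoed.
// Any logged-in user can submit <img src=q onerror=prompt(/XSS/)> and every
// visitor who views the event page then runs that handler.
function fevents_save_user_note_vulnerable( $event_id ) {
    update_post_meta( $event_id, 'fevents_user_note', $_POST['user_notes'] );
}
function fevents_render_user_note_vulnerable( $event_id ) {
    $note = get_post_meta( $event_id, 'fevents_user_note', true );
    echo '<div class="user-notes">' . $note . '</div>';
}

// HARDENED: verify the request, sanitise on input, escape on output.
// The form that posts the note must emit the matching nonce field, e.g.
// wp_nonce_field( 'fevents_save_note_' . $event_id, 'fevents_nonce' );
function fevents_save_user_note( $event_id ) {
    // Reject forged requests (CSRF) and anonymous callers.
    if ( ! isset( $_POST['fevents_nonce'] )
        || ! wp_verify_nonce( $_POST['fevents_nonce'], 'fevents_save_note_' . $event_id ) ) {
        wp_die( 'Invalid request.' );
    }
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not allowed.' );
    }
    // sanitize_textarea_field() strips tags and control characters but keeps
    // newlines, which is what a free-text notes box needs.
    $note = sanitize_textarea_field( wp_unslash( $_POST['user_notes'] ?? '' ) );
    update_post_meta( $event_id, 'fevents_user_note', $note );
}
function fevents_render_user_note( $event_id ) {
    $note = get_post_meta( $event_id, 'fevents_user_note', true );
    // Escape at output no matter what is stored: esc_html() renders
    // <img src=q onerror=...> as inert text. Use wp_kses() with an explicit
    // allowlist instead only if some markup must be permitted in notes.
    echo '<div class="user-notes">' . nl2br( esc_html( $note ) ) . '</div>';
}
```

Sanitising on input alone is not enough, because older rows and other write paths may already hold markup; escaping at the point of output is the control that actually neutralises the stored payload.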

