Lucene search
Th3.d1p4kWPEX-ID:88869380-173D-4D4F-81D8-3C20ADD5F98DHistoryMay 16, 2022 - 12:00 a.m.
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
2022-05-1600:00:00
th3.d1p4k
96
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
Put the following payload in the Woocommerce > FiboSearch > Autocomplete > Products -> "No results label" or "More results label" fields and save: <svg/onload=confirm(/XSS/)>Related
cve
cve
CVE-2022-1469
2022-06-08 10:15:09
patchstack
patchstack
wpvulndb
wpvulndb
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
2022-05-16 00:00:00
openvas
openvas
WordPress FiboSearch Plugin < 1.17.0 XSS Vulnerability
2023-04-21 00:00:00
cvelist
cvelist
CVE-2022-1469 FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
2022-06-06 08:51:02
nvd
nvd
CVE-2022-1469
2022-06-08 10:15:09
cnvd
cnvd
WordPress FiboSearch plugin跨站脚本漏洞
2022-06-13 00:00:00
prion
prion
Cross site scripting
2022-06-08 10:15:00