Lucene search
Anurag BhoirWPEX-ID:A9918DFD-389C-43EB-AFCC-03D29B42B369HistoryAug 31, 2022 - 12:00 a.m.
Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting
2022-08-3100:00:00
Anurag Bhoir
182
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
- Go to publisher and select Create a New Publisher
- Add publisher name "><img src=x onerror=confirm(document.cookie)>
- Click on Save Changes
- Now after loading the page wait for few seconds and you will get popup with your cookiesRelated
cnvd
cnvd
WordPress WordLift Cross-Site Scripting Vulnerability
2022-09-28 00:00:00
cve
cve
CVE-2022-3069
2022-09-26 13:15:10
nvd
nvd
CVE-2022-3069
2022-09-26 13:15:10
cvelist
cvelist
CVE-2022-3069 Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting
2022-09-26 12:35:39
prion
prion
Cross site scripting
2022-09-26 13:15:00
wpvulndb
wpvulndb
Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting
2022-08-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0303)
2022-08-26 00:00:00
mageia
mageia
Updated unbound packages fix security vulnerability
2022-08-26 00:21:07