Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:CBB75383-4351-4488-AACA-DDB0F6F120CD
HistoryMay 09, 2022 - 12:00 a.m.

External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting

2022-05-0900:00:00
wpvulndb
62
unauthenticated stored cross-site scripting
external links
new window

EPSS

0.001

Percentile

40.2%

JSON

The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

On any post on the affected site, add the following link to a comment:

<a href="http://domain.tld/'-alert(1)-'/">Click here for XSS</a>

Click on the link, you should be getting an alert box.

Related

cvelist 1
wpvulndb 1
prion 1
cve 1
nvd 1
cvelist
cvelist
CVE-2022-1582 External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
2022-05-30 08:36:01
wpvulndb
wpvulndb
External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
2022-05-09 00:00:00
prion
prion
Cross site scripting
2022-05-30 09:15:00
cve
cve
CVE-2022-1582
2022-05-30 09:15:10
nvd
nvd
CVE-2022-1582
2022-05-30 09:15:10

EPSS

0.001

Percentile

40.2%

JSON
Related for WPEX-ID:CBB75383-4351-4488-AACA-DDB0F6F120CD
cvelist1wpvulndb1prion1cve1nvd1