Lucene search
Erwan LR (WPScan)WPEX-ID:CF323F72-8374-40FE-9E2E-810E46DE1EC8HistoryNov 20, 2023 - 12:00 a.m.
EmbedPress < 3.9.2 - Reflected XSS
2023-11-2000:00:00
Erwan LR (WPScan)
37
embedpress
3.9.2
reflected xss
customthumbnail
logged in admin
url
exploit
Description The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
On a post/page where containing the following output (which can be as txt in the post content): "id":""customThumbnail":"", make a logged in admin open the URL below:
https://example.com/related-page-post/?hash=*(?:'><svg%20onload=alert(`XSS`)>)*Related
wpvulndb
wpvulndb
EmbedPress < 3.9.2 - Reflected XSS
2023-11-20 00:00:00
prion
prion
Cross site scripting
2023-12-11 20:15:00
cvelist
cvelist
CVE-2023-5750 EmbedPress < 3.9.2 - Reflected XSS
2023-12-11 19:22:38
cve
cve
CVE-2023-5750
2023-12-11 20:15:07
nvd
nvd
CVE-2023-5750
2023-12-11 20:15:07
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for WPEX-ID:CF323F72-8374-40FE-9E2E-810E46DE1EC8