Lucene search
EmadWPEX-ID:E866A214-A142-43C7-B93D-FF2301A3E432HistorySep 25, 2023 - 12:00 a.m.
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-09-2500:00:00
emad
22
powerpress podcasting
stored xss
contributor+
media url
exploit
Description The plugin does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
Add the following payload to the Media URL field:
<img src=x onerror=alert(origin)> <svg onload=alert(origin)>Related
nvd
nvd
CVE-2023-4820
2023-10-16 20:15:16
wpvulndb
wpvulndb
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-09-25 00:00:00
prion
prion
Code injection
2023-10-16 20:15:00
cvelist
cvelist
CVE-2023-4820 PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-10-16 19:39:21
cve
cve
CVE-2023-4820
2023-10-16 20:15:16
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for WPEX-ID:E866A214-A142-43C7-B93D-FF2301A3E432