Lucene search

K
wpvulndbWpvulndbWPVDB-ID:051B036D-1A10-42D7-A69C-15870804FA92
HistoryApr 01, 2024 - 12:00 a.m.

Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting

2024-04-0100:00:00
wpscan.com
6
molongui plugin
wordpress
vulnerability
stored cross-site scripting
input sanitization
output escaping
authenticated attackers
web scripts

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
eq4.7.8

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for WPVDB-ID:051B036D-1A10-42D7-A69C-15870804FA92