wpvulndb | Kevin Barbón García | WPVDB-ID:078BD5F6-64F7-4665-825B-9FD0C2B7B91B
Apr 12, 2022 - 12:00 a.m.

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

2022-04-12 00:00:00
Kevin Barbón García
wpscan.com

EPSS: 0.001 (Low), percentile 40.3%

The plugin does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability.

PoC

On a page or post with a search form, add the following URL query parameter: ?%22%3E%3Cscript%3Ealert(1)%3C/script%3E
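
The flaw described above, as an added example in plain PHP (not the plugin's code): a hypothetical search-form template that places the page URL in an action attribute, first unescaped and then encoded for the attribute context. The function names and the sample path are assumptions, and the value is assumed to reach the template already URL-decoded.

```php
<?php
// Added illustration; function names are hypothetical, not taken from the plugin.

// Vulnerable pattern: the URL is concatenated into the attribute as-is,
// so a double quote in the query string ends the attribute value early.
function render_search_form_unescaped(string $page_url): string
{
    return '<form method="get" action="' . $page_url . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// In WordPress code the usual helpers for this are esc_url() or esc_attr().
function render_search_form_escaped(string $page_url): string
{
    $safe = htmlspecialchars($page_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="get" action="' . $safe . '">';
}

// Regression check: the rendered tag must not contain a raw <script element
// and must contain exactly the two attribute values the template wrote.
function form_tag_is_intact(string $html): bool
{
    $quotes = substr_count($html, '"');
    return stripos($html, '<script') === false && $quotes === 4;
}

// Constructed sample input: the query string from the PoC, URL-decoded
// (assumption: this is the form in which the value reaches the template).
$page_url = '/sample-page/?' . rawurldecode('%22%3E%3Cscript%3Ealert(1)%3C/script%3E');

foreach (['unescaped', 'escaped'] as $variant) {
    $html = call_user_func("render_search_form_{$variant}", $page_url);
    printf(
        "%-9s intact=%s\n  %s\n",
        $variant,
        form_tag_is_intact($html) ? 'yes' : 'no',
        $html
    );
}
```

The same check can be kept as a unit test for any template that writes request-derived values into attributes.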

CPE Name            Operator  Version
themify-ptb-search  lt        1.4.0
