Lucene search
Dipak Panchal (th3.d1pak)WPVDB-ID:0A0ECDFF-C961-4947-BF7E-BD2392501E33HistoryJul 17, 2023 - 12:00 a.m.
Bubble Menu < 3.0.5 - Admin+ Stored XSS
2023-07-1700:00:00
Dipak Panchal (th3.d1pak)
wpscan.com
2
plugin vulnerability
stored xss
admin privilege
unfiltered html
multisite setup
javascript payload
0.0004 Low
EPSS
Percentile
14.1%
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
PoC
1. Click on the “Add new” tab. 2. Select the “Menu” tab. 3. Enter the javascript payload in the “Link” field: javascript:alert(/XSS/); 4. Save it, visit the site, and click on the bubble menu.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bubble-menu | eq | 3.0.5 |
Related
cve
cve
CVE-2023-3650
2023-08-07 15:15:11
cvelist
cvelist
CVE-2023-3650 Bubble Menu < 3.0.5 - Admin+ Stored XSS
2023-08-07 14:31:19
wpexploit
wpexploit
Bubble Menu < 3.0.5 - Admin+ Stored XSS
2023-07-17 00:00:00
prion
prion
Cross site scripting
2023-08-07 15:15:00
nvd
nvd
CVE-2023-3650
2023-08-07 15:15:11