wpvulndb | Lana Codes | WPVDB-ID:10F7E892-7A91-4292-B03E-6AD75756488B
History: Jan 24, 2023 - 12:00 a.m.

Spectra < 1.15.0 - Contributor+ Stored Cross-Site Scripting

2023-01-24 00:00:00
Lana Codes
wpscan.com
13
spectra plugin
stored cross-site scripting
gutenberg blocks
user input
html attribute
contact form 7

EPSS

0.001

Percentile

25.5%

The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin’s Gutenberg blocks.

PoC

Note: The exploit requires the Contact Form 7 plugin.

Exploit

Additional CSS class(es) for "Contact Form 7 Styler" Gutenberg block:

" onmouseover="alert(1)" style="background:red;"
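The pattern behind this bug next to a hardened form, as an added example that is not the Spectra plugin's code. The function names and the `cf7-styler` wrapper class are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the file runs without WordPress.

```php
<?php
// Added illustration only: hypothetical render functions, not the plugin's code.

// Vulnerable pattern: the block attribute is concatenated into the markup as-is.
function render_wrapper_unsafe(string $extra_classes): string {
    return '<div class="cf7-styler ' . $extra_classes . '">form</div>';
}

// Allowlist each class token, keeping the character set that
// WordPress's sanitize_html_class() keeps (A-Z, a-z, 0-9, _ and -).
function sanitize_class_list(string $extra_classes): string {
    $tokens = preg_split('/\s+/', $extra_classes, -1, PREG_SPLIT_NO_EMPTY);
    $clean  = array();
    foreach ($tokens as $token) {
        $token = preg_replace('/[^A-Za-z0-9_-]/', '', $token);
        if ($token !== '') {
            $clean[] = $token;
        }
    }
    return implode(' ', $clean);
}

// Hardened pattern: sanitize the value, then escape for the attribute context.
// htmlspecialchars() is a stand-in for esc_attr() (assumption for offline use).
function render_wrapper_safe(string $extra_classes): string {
    $classes = trim('cf7-styler ' . sanitize_class_list($extra_classes));
    return '<div class="' . htmlspecialchars($classes, ENT_QUOTES, 'UTF-8') . '">form</div>';
}

// Parse the markup with an HTML parser and list the attributes on the <div>.
function attribute_names(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = array();
    foreach ($doc->getElementsByTagName('div')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Input taken from the PoC on this page.
$input = '" onmouseover="alert(1)" style="background:red;"';

echo 'unsafe attributes: ', implode(',', attribute_names(render_wrapper_unsafe($input))), "\n";
echo 'safe attributes:   ', implode(',', attribute_names(render_wrapper_safe($input))), "\n";
echo render_wrapper_safe($input), "\n";
```

Comparing the parsed attribute lists of rendered blocks against the attributes the template is expected to emit also works as a regression check for stored content saved before an upgrade.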
