Lucene search
Vaibhav KoliWPVDB-ID:10FDC464-0DDC-4919-8F21-969FFF854011HistoryOct 25, 2021 - 12:00 a.m.
EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
2021-10-2500:00:00
Vaibhav Koli
wpscan.com
2
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
PoC
Create a new EDTB and put the following payload in the Table Name, Column Name or Column Label: ">
| CPE | Name | Operator | Version |
|---|---|---|---|
| editable-table | eq | * |
Related
patchstack
patchstack
wpexploit
wpexploit
EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
2021-10-25 00:00:00
cnvd
cnvd
WordPress EditableTable plugin cross-site scripting vulnerability
2022-03-02 00:00:00
prion
prion
Cross site scripting
2022-02-28 09:15:00
cvelist
cvelist
CVE-2021-24898 EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
2022-02-28 09:06:15
nvd
nvd
CVE-2021-24898
2022-02-28 09:15:07
cve
cve
CVE-2021-24898
2022-02-28 09:15:07