Lucene search
Lana CodesWPVDB-ID:14B4F0C5-C7B1-4AC4-8C9C-F8C35CA5DE4AHistoryJan 23, 2023 - 12:00 a.m.
Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS
2023-01-2300:00:00
Lana Codes
wpscan.com
11
spotlight social feeds
version 1.4.3
stored xss
contributor role
cross-site scripting
instagram feed
security vulnerability
software
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
Exploit Additional CSS class(es) for “Spotlight Instagram Feed” Gutenberg block: " onmouseover=“alert(1)” style=“background:red;” Note: First, you need to add a Feed with an Instagram account connection.
Related
prion
prion
Cross site scripting
2023-02-13 15:15:00
cvelist
cvelist
CVE-2023-0379 Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS
2023-02-13 14:31:59
cve
cve
CVE-2023-0379
2023-02-13 15:15:22
nvd
nvd
CVE-2023-0379
2023-02-13 15:15:22
wpexploit
wpexploit
Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS
2023-01-23 00:00:00