Lucene search
Krzysztof Zając (CERT PL)WPVDB-ID:15B9AB48-C038-4F2E-B823-1E374BAAE985HistoryDec 04, 2023 - 12:00 a.m.
JSON Content Importer < 1.5.4 - Reflected XSS
2023-12-0400:00:00
Krzysztof Zając (CERT PL)
wpscan.com
2
json content importer
reflected xss
cross-site scripting
admin privilege
security vulnerability
Description The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PoC
Make a logged in admin open: https://example.com/wp-admin/admin.php?page=unique_jci_menu_slug&tab;="><script>alert(%2FXSS%2F)%3B<%2Fscript>
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.5.4 |
Related
wpexploit
wpexploit
JSON Content Importer < 1.5.4 - Reflected XSS
2023-12-04 00:00:00
cvelist
cvelist
CVE-2023-6268 JSON Content Importer < 1.5.4 - Reflected XSS
2023-12-26 18:33:04
prion
prion
Cross site scripting
2023-12-26 19:15:00
nvd
nvd
CVE-2023-6268
2023-12-26 19:15:08
cve
cve
CVE-2023-6268
2023-12-26 19:15:08
5.8 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:15B9AB48-C038-4F2E-B823-1E374BAAE985