Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbGemWPVDB-ID:2011DC7B-8E8C-4190-AB34-DE288E14685B
HistoryOct 28, 2022 - 12:00 a.m.

Spacer < 3.0.7 - Admin+ Stored XSS

2022-10-2800:00:00
gem
wpscan.com
6
stored xss
admin privilege
cross-site scripting
settings injection
vulnerability.

EPSS

0.001

Percentile

24.8%

JSON

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

PoC

Add new Spacers and add payload ">

Gem

to Settings ยป Spacer ยป Add Spacers ยป New Spacer ยป Space Title and submit.

Related

patchstack 1
wpexploit 1
cvelist 1
cve 1
cnvd 1
prion 1
nvd 1
patchstack
patchstack
WordPress Spacer plugin <= 3.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
2022-10-28 00:00:00
wpexploit
wpexploit
Spacer < 3.0.7 - Admin+ Stored XSS
2022-10-28 00:00:00
cvelist
cvelist
CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS
2022-11-21 00:00:00
cve
cve
CVE-2022-3618
2022-11-21 11:15:20
cnvd
cnvd
WordPress Spacer Cross-Site Scripting Vulnerability
2022-11-23 00:00:00
prion
prion
Cross site scripting
2022-11-21 11:15:00
nvd
nvd
CVE-2022-3618
2022-11-21 11:15:20

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:2011DC7B-8E8C-4190-AB34-DE288E14685B
patchstack1wpexploit1cvelist1cve1cnvd1prion1nvd1