wpvulndb | Bob Matyas | WPVDB-ID:2074D0F5-4165-4130-9391-37CB21E8AA1B
History: May 02, 2024 - 12:00 a.m.

Pet Manager <= 1.4 - Contributor+ Stored XSS

2024-05-02 00:00:00
Bob Matyas
wpscan.com
pet manager
contributor
stored xss
cross-site scripting
update

AI Score: 5.5
Confidence: High
EPSS: 0
Percentile: 9.0%

Description

The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.

PoC

1. Go to “Pets > Add Pet”
2. In the “Address” field add the payload " style=animation-name:rotation onanimationstart=alert(/XSS/)//
3. Save and reload to see the XSS
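
The missing output escaping described above, shown as an added example that is not the Pet Manager plugin's code: the field name pet_address and the markup are hypothetical, and it assumes the Address value is echoed into a quoted HTML attribute, which the leading double quote in the PoC value suggests. It renders the stored value with and without attribute escaping and lists the attributes the resulting input element carries.

```php
<?php
declare(strict_types=1);

// Added example: not the Pet Manager plugin's code. The field name
// "pet_address" and the markup are hypothetical.

// Inside WordPress use esc_attr(); the fallback lets this file run stand-alone.
function attr_escape(string $value): string
{
    return function_exists('esc_attr')
        ? esc_attr($value)
        : htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored value concatenated into a quoted attribute.
function render_address_unescaped(string $address): string
{
    return '<input type="text" name="pet_address" value="' . $address . '">';
}

// Hardened pattern: escape for the attribute context at output time.
function render_address_escaped(string $address): string
{
    return '<input type="text" name="pet_address" value="' . attr_escape($address) . '">';
}

// Parse the markup and list the attribute names the <input> ends up with.
function input_attribute_names(string $html): array
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The value from step 2 of the PoC, as stored.
$stored = '" style=animation-name:rotation onanimationstart=alert(/XSS/)//';

foreach (['unescaped' => 'render_address_unescaped', 'escaped' => 'render_address_escaped'] as $label => $render) {
    echo $label, ': ', implode(', ', input_attribute_names($render($stored))), PHP_EOL;
}
```

A regression test for the fix can assert that the escaped rendering carries only the type, name and value attributes, whatever the stored value contains.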
