Lucene search
Lana CodesWPVDB-ID:2AB59972-CCFD-48F6-B879-58FB38823CA5HistoryJan 04, 2023 - 12:00 a.m.
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
2023-01-0400:00:00
Lana Codes
wpscan.com
5
themify shortcodes
stored xss
contributor
cross-site scripting
0.001 Low
EPSS
Percentile
23.5%
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
PoC
Exploit shortcode: [themify_button color=‘red" onmouseover=“alert(1)”’]XSS[/themify_button]
| CPE | Name | Operator | Version |
|---|---|---|---|
| themify-shortcodes | lt | 2.0.8 |
Related
cve
cve
CVE-2022-4787
2023-01-30 21:15:12
cvelist
cvelist
prion
prion
Cross site scripting
2023-01-30 21:15:00
nvd
nvd
CVE-2022-4787
2023-01-30 21:15:12
wpexploit
wpexploit
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
2023-01-04 00:00:00