Lucene search
WpvulndbWPVDB-ID:2C63F136-4C1F-4093-9A8C-5E51F19EAE28HistoryJun 25, 2024 - 12:00 a.m.
WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API
2024-06-2500:00:00
wpscan.com
23
wordpress
stored xss
html api
url attributes
cross-site scripting
5.7 Medium
AI Score
Confidence
High
Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks.
5.7 Medium
AI Score
Confidence
High