Lucene search
Lana CodesWPVDB-ID:30211FFD-8751-4354-96D3-69B0106100B1HistoryFeb 02, 2023 - 12:00 a.m.
List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode
2023-02-0200:00:00
Lana Codes
wpscan.com
8
plugin
validate
escape
shortcode
stored xss
cross-site scripting
contributor
admins
poc
EPSS
0.001
Percentile
25.6%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
[list-pages class=β" onmouseover=βalert(/XSS/)ββ]
Related
prion
prion
Cross site scripting
2023-02-27 16:15:00
cve
cve
CVE-2022-4757
2023-02-27 16:15:11
wpexploit
wpexploit
List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode
2023-02-02 00:00:00
nvd
nvd
CVE-2022-4757
2023-02-27 16:15:11
cvelist
cvelist