Triberr <= 4.1.1 - Admin+ Stored XSS

2023-10-2700:00:00

wpscan.com

triberr

plugin

admin

stored xss

attacks

unfiltered_html

multisite setup

security

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

References

patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/triberr-wordpress-plugin/triberr-411-authenticated-administrator-stored-cross-site-scripting