Lucene search
Jinson Varghese BehananWPVDB-ID:378239A5-A7F2-4CCB-BB46-4D2B667FDF16HistoryJun 25, 2020 - 12:00 a.m.
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS)
2020-06-2500:00:00
Jinson Varghese Behanan
wpscan.com
6
0.004 Low
EPSS
Percentile
72.0%
Authenticated stored cross-site scripting issues in some of the plugin settings, requiring high privileges.
PoC
Affected fields are in the settings of the plugin and will be triggered when the common soon page is displayed (either the preview or normal one): Logo: x’ onerror='alert(/XSS/) Headlines: (for v < 5.1.1), (for v < 5.1.2)
| CPE | Name | Operator | Version |
|---|---|---|---|
| coming-soon | lt | 5.1.2 |
Related
prion
prion
Cross site scripting
2020-06-24 20:15:00
openvas
openvas
WordPress Website Builder by SeedProd Plugin < 5.1.2 XSS Vulnerability
2023-11-21 00:00:00
cve
cve
CVE-2020-15038
2020-06-24 20:15:10
checkpoint_advisories
checkpoint_advisories
WordPress SeedProd Plugin Persistent Cross-Site Scripting (CVE-2020-15038)
2020-09-01 00:00:00
wpexploit
wpexploit
zdt
zdt
packetstorm
packetstorm
WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting
2020-07-29 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2020-15038
2020-06-24 19:58:59
nvd
nvd
CVE-2020-15038
2020-06-24 20:15:10
exploitdb
exploitdb