Lucene search
ZhangyunpeiWPVDB-ID:3CA6D724-CD79-4E07-B8D0-A8C1688ABF16HistoryNov 04, 2022 - 12:00 a.m.
WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
2022-11-0400:00:00
zhangyunpei
wpscan.com
7
xss vulnerability
wordpress
admin ui customize
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PoC
1. Go to โWP Admin UI Customizeโ ยป โLogin Formโ. 2. Enter the following value in the first four input boxes: 123" onmouseenter=alert(/XSS/) ". 3. Click the โSaveโ button on the page. 4. Refresh or re-enter the page and move the mouse over the input box to get the XSS to trigger.
Related
prion
prion
Cross site scripting
2022-11-28 14:15:00
cve
cve
CVE-2022-3824
2022-11-28 14:15:14
wpexploit
wpexploit
WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
2022-11-04 00:00:00
nvd
nvd
CVE-2022-3824
2022-11-28 14:15:14
cvelist
cvelist
CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
2022-11-28 13:47:17
cnvd
cnvd
WordPress WP Admin UI Customize plugin cross-site scripting vulnerability
2022-11-30 00:00:00