Lucene search
Sachin Bahl from eSec Forte Technologies Pvt LtdWPVDB-ID:42F1BF1F-95A8-41EE-A637-88DEB80AB870HistoryJun 06, 2022 - 12:00 a.m.
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
2022-06-0600:00:00
Sachin Bahl from eSec Forte Technologies Pvt Ltd
wpscan.com
11
0.001 Low
EPSS
Percentile
24.8%
The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed
PoC
Put the following payload on the “Menu Name” settings of the plugin: "onmouseover=alert(“XSS”)//
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp-nested-pages | lt | 3.1.21 |
Related
wpexploit
wpexploit
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
2022-06-06 00:00:00
nvd
nvd
CVE-2022-1990
2022-06-27 09:15:10
prion
prion
Cross site scripting
2022-06-27 09:15:00
cnvd
cnvd
WordPress Nested Pages plugin跨站脚本漏洞
2022-06-30 00:00:00
osv
osv
CVE-2022-1990
2022-06-27 09:15:10
patchstack
patchstack
cvelist
cvelist
CVE-2022-1990 Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
2022-06-27 08:59:11
cve
cve
CVE-2022-1990
2022-06-27 09:15:10