Source: wpvulndb (wpscan.com) | Reporter: websafe2021 | WPVDB-ID: 51B91D0E-33AF-41CE-B95F-D422586F1D5F
Published: Apr 13, 2022

Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting


EPSS: 0.001 (Low), percentile 24.8%

The plugin does not escape some of its settings before printing them back into its settings page, allowing high-privilege users such as administrators to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example on multisite installs, or when DISALLOW_UNFILTERED_HTML is set). Plugin options are not passed through the KSES filtering that unfiltered_html governs for post content, so the only protection is escaping at output, which this plugin omits.

PoC

Save the following payload in the plugin's "Post Per Page" or "Enter Search Text" setting:

"autofocus onfocus=alert(1)//

The leading double quote closes the value="" attribute the setting is printed into, autofocus makes the field take focus as soon as the page loads, and the onfocus handler then runs; the trailing // turns the rest of the original attribute into a JavaScript comment inside the handler. The payload persists in the options table and fires each time the settings page is rendered.
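The pattern behind this advisory, as an added example that is not the plugin's own code: a setting concatenated straight into an attribute value, beside the escaped version WordPress plugins should use, each checked with a forgiving HTML parser to see whether the PoC payload actually became an event-handler attribute. The setting name post_per_page and the form markup are assumptions; the payload is the advisory's. It runs under plain php (ext/dom) without WordPress, so esc_attr() is stood in for by its underlying htmlspecialchars(ENT_QUOTES) call.

```php
<?php
// Added example; not code from the Easily Generate Rest API Url plugin.
// Reproduces the unescaped-settings pattern behind the advisory and the
// escaped version beside it, then parses each the way a browser would.
// Runs under plain `php` (ext/dom); no WordPress install needed.

declare(strict_types=1);

// Constructed sample: the advisory's PoC payload, as read back from the
// options table after an Admin+ user saved it in "Post Per Page".
const POC_PAYLOAD = '"autofocus onfocus=alert(1)//';

// Vulnerable pattern (assumed shape of the settings form, not the plugin's
// actual code): the stored option is concatenated into an attribute value.
function render_setting_vulnerable(string $name, string $stored): string
{
    return '<input type="text" name="' . $name . '" value="' . $stored . '">';
}

// In WordPress the fix is esc_attr(); this is the core of what it does:
// encode both quote characters so a value can never close the attribute
// it is printed into.
function esc_attr_equiv(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: escape at the point of output.
function render_setting_escaped(string $name, string $stored): string
{
    return '<input type="text" name="' . esc_attr_equiv($name)
        . '" value="' . esc_attr_equiv($stored) . '">';
}

// Parse the fragment and list any on* attribute that ended up on the
// <input>, i.e. a real attribute breakout rather than the payload text
// merely sitting inside value="...".
function injected_handlers(string $html): array
{
    $doc = new DOMDocument();
    // Fragments make libxml emit warnings; silence them for this demo.
    @$doc->loadHTML('<!DOCTYPE html><body>' . $html . '</body>');
    $found = [];
    foreach ($doc->getElementsByTagName('input') as $input) {
        foreach ($input->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $attr->name . '=' . $attr->value;
            }
        }
    }
    return $found;
}

$vuln = render_setting_vulnerable('post_per_page', POC_PAYLOAD);
$safe = render_setting_escaped('post_per_page', POC_PAYLOAD);

echo "vulnerable: $vuln\n";
echo "  handlers: " . implode(', ', injected_handlers($vuln)) . "\n";
echo "escaped:    $safe\n";
echo "  handlers: " . (injected_handlers($safe) ? 'YES' : 'none') . "\n";
```

The vulnerable rendering yields an <input> carrying an onfocus attribute; the escaped one keeps the whole payload inside value="&quot;autofocus onfocus=alert(1)//" as inert text. In a real plugin, escape on output with esc_attr() and additionally sanitize on save, for example by registering the option with register_setting() and a sanitize_callback such as sanitize_text_field (or absint for a numeric "Post Per Page" value); output escaping is the control that closes this bug, input sanitization is defence in depth.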

CPE: easily-generate-rest-api-url, operator: eq, version: *
