Lucene search
CydaveWPVDB-ID:5B983C48-6B05-47CF-85CB-28BBEEC17395HistoryDec 15, 2022 - 12:00 a.m.
Post Status Notifier Lite < 1.10.1 - Reflected XSS
2022-12-1500:00:00
cydave
wpscan.com
9
plugin
reflected cross-site scripting
sanitizing
high privilege users
admin
url
security vulnerability
0.001 Low
EPSS
Percentile
50.1%
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.
PoC
Make a logged in high privilege user such as admin open the URL below https://example.com/wp-admin/options-general.php?page=post-status-notifier-lite&controller;=
| CPE | Name | Operator | Version |
|---|---|---|---|
| post-status-notifier-lite | lt | 1.10.1 |
Related
cve
cve
CVE-2022-4325
2023-01-09 23:15:27
nuclei
nuclei
WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
2023-03-18 22:07:09
wpexploit
wpexploit
Post Status Notifier Lite < 1.10.1 - Reflected XSS
2022-12-15 00:00:00
cvelist
cvelist
CVE-2022-4325 Post Status Notifier Lite < 1.10.1 - Reflected XSS
2023-01-09 22:13:46
nvd
nvd
CVE-2022-4325
2023-01-09 23:15:27
prion
prion
Cross site scripting
2023-01-09 23:15:00