Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:63CB66BB-28E2-45A3-A207-D45819F6AF3E
HistoryJun 23, 2023 - 12:00 a.m.

Lana Text to Image < 1.1.0 - Contributor+ Stored Cross-Site Scripting

2023-06-2300:00:00
wpscan.com
6
plugin
sanitization
admin dashboard
contributor+
cross-site scripting
unfiltered_html capability

EPSS

0.001

Percentile

45.3%

JSON

The plugin does not sanitize or escape some of its settings before outputting them in the admin’s dashboard, allowing Contributor+ privileged users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed

Related

cve 1
cvelist 1
prion 1
nvd 1
wordfence 1
cve
cve
CVE-2023-3387
2023-06-24 03:15:09
cvelist
cvelist
CVE-2023-3387
2023-06-24 02:00:19
prion
prion
Cross site scripting
2023-06-24 03:15:00
nvd
nvd
CVE-2023-3387
2023-06-24 03:15:09
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)
2023-06-29 13:24:24

EPSS

0.001

Percentile

45.3%

JSON
Related for WPVDB-ID:63CB66BB-28E2-45A3-A207-D45819F6AF3E
cve1cvelist1prion1nvd1wordfence1