Lucene search
WpvulndbWPVDB-ID:69589265-FE83-4EB0-9782-ED26A39501D5HistoryOct 24, 2023 - 12:00 a.m.
Print, PDF, Email by PrintFriendly < 5.5.2 - Admin+ Stored XSS
2023-10-2400:00:00
wpscan.com
10
printfriendly
plugin
stored xss
admin+ vulnerability
unfiltered_html
multisite
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.5.2 |
References
patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/printfriendly/print-pdf-email-by-printfriendly-551-authenticated-administrator-stored-cross-site-scripting-via-settings
Related
cvelist
cvelist
prion
prion
Cross site scripting
2023-10-25 18:17:00
nvd
nvd
CVE-2023-25032
2023-10-25 18:17:24
cve
cve
CVE-2023-25032
2023-10-25 18:17:24
wordfence
wordfence
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for WPVDB-ID:69589265-FE83-4EB0-9782-ED26A39501D5