wpvulndb | Ceylan Bozogullarindan | WPVDB-ID: 7B80F89B-E724-41C5-AA03-21D1EEF50F21
History: Jan 11, 2022 - 12:00 a.m.

Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting

Published: 2022-01-11 00:00:00
Author: Ceylan Bozogullarindan
Source: wpscan.com
7
Tags: mortgage calculators, cross-site scripting, stored, admin+

EPSS

0.001

Percentile

38.3%

The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
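How this bug class arises and is fixed in a WordPress settings handler, as an added illustration that is not the Mortgage Calculators WP code: the `mc_` function names and the option names are hypothetical, while `sanitize_hex_color()`, `esc_attr()` and `register_setting()` are real WordPress APIs (shimmed here so the file also runs outside WordPress).

```php
<?php
// Added illustration of the bug class, not the Mortgage Calculators WP code.
// Shims so the file runs outside WordPress; inside WordPress the real
// sanitize_hex_color() and esc_attr() from wp-includes/formatting.php are used.
if ( ! function_exists( 'sanitize_hex_color' ) ) {
    function sanitize_hex_color( $color ) {
        if ( '' === $color ) {
            return '';
        }
        return preg_match( '|^#([A-Fa-f0-9]{3}){1,2}$|', $color ) ? $color : null;
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Vulnerable pattern: the typed value is stored as-is and later concatenated
// into an inline style, so anything that is not a colour reaches the page.
function mc_save_color_unsafe( $input ) {
    return $input; // passed straight to update_option() in the real handler
}
function mc_render_unsafe( $color ) {
    return '<div class="calc" style="background:' . $color . '"></div>';
}

// Hardened pattern: accept only a #rgb / #rrggbb value on save (a setting
// filter that does not depend on the unfiltered_html capability), then
// escape on output as a second layer.
function mc_save_color_safe( $input ) {
    $color = sanitize_hex_color( trim( (string) $input ) );
    return ( null === $color || '' === $color ) ? '#ffffff' : $color;
}
function mc_render_safe( $color ) {
    return '<div class="calc" style="background:' . esc_attr( $color ) . '"></div>';
}

// In a plugin this is wired through the Settings API (hypothetical names):
// register_setting( 'mc_options', 'mc_bg_color',
//     array( 'sanitize_callback' => 'mc_save_color_safe' ) );

// Demo with a constructed non-colour value that closes the style attribute.
$typed = '#fff"><b>injected</b>';
echo mc_render_unsafe( mc_save_color_unsafe( $typed ) ), "\n"; // markup survives
echo mc_render_safe( mc_save_color_safe( $typed ) ), "\n";     // falls back to default
echo mc_render_safe( mc_save_color_safe( '#1e73be' ) ), "\n";  // valid colour kept
```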

PoC

1. Go to the settings page available under the “Calculator” menu item.
2. Click the “Select Color” button and type the following payload into the input space:

