Lucene search
Lana CodesWPVDB-ID:95EE3257-CFDA-480D-B3F7-28235564CF6DHistoryJan 19, 2023 - 12:00 a.m.
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
2023-01-1900:00:00
Lana Codes
wpscan.com
7
themify portfolio. post. stored xss. contributor role. cross-site scripting. plugin vulnerability. software. security. attack.shortcode validation. page/post.
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PoC
[themify_portfolio_posts image_h=β100" onmouseover=βalert(1)ββ] Note: Make sure the featured image is added to the portfolio page.
Related
cve
cve
CVE-2023-0362
2023-02-13 15:15:22
cvelist
cvelist
CVE-2023-0362 Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
2023-02-13 14:32:01
nvd
nvd
CVE-2023-0362
2023-02-13 15:15:22
wpexploit
wpexploit
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
2023-01-19 00:00:00
prion
prion
Cross site scripting
2023-02-13 15:15:00