wpvulndb
WPVDB-ID:99059337-C3CD-4E91-9A03-DF32A05B719C
Mar 30, 2022 - 12:00 a.m.

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

2022-03-30 00:00:00
wpscan.com
clipr plugin
api key
stored xss

EPSS

0.001

Percentile

36.0%

The plugin does not sanitise and escape its API Key setting before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.

PoC

Put the following payload in the API Key settings of the plugin: '>alert(/XSS/)
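
The fix pattern for the issue described above, as an added example that is not the Clipr plugin's own code: sanitise the setting when it is saved and escape it for the attribute context when it is printed. The option name `example_api_key`, the settings group, the function names and the key format in the regex are hypothetical; the snippet assumes it is loaded inside WordPress.

```php
<?php
// Added example. All example_* names are hypothetical, not taken from the plugin.

// Save path: reject anything that does not look like an API key before it is stored.
function example_sanitize_api_key( $value ) {
    // Strips tags, control characters and extra whitespace.
    $value = sanitize_text_field( (string) $value );
    // Assumption: keys are alphanumeric plus "-" and "_". Adjust to the real format.
    return preg_match( '/^[A-Za-z0-9_-]{1,128}$/', $value ) ? $value : '';
}

add_action( 'admin_init', function () {
    register_setting( 'example_settings', 'example_api_key', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_api_key',
        'default'           => '',
    ) );
} );

// Output path, unsafe form (the pattern the advisory describes):
//   echo "<input name='example_api_key' value='" . get_option( 'example_api_key' ) . "'>";
// A stored value containing a quote or ">" closes the attribute and the tag,
// so whatever follows is parsed as markup on every visit to the settings page.

// Output path, hardened: escape at the point of output, for the attribute context.
function example_render_api_key_field() {
    printf(
        '<input type="text" name="example_api_key" value="%s" class="regular-text" autocomplete="off">',
        esc_attr( get_option( 'example_api_key', '' ) ) // encodes quotes, <, > and &
    );
}
```

Escaping on output is the part that closes the hole for values already in the database; the save-time check only stops new bad values from being stored.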
