Lucene search
Niraj MahajanWPVDB-ID:9DBB0D6D-BC84-4B85-8AA5-FA2A8E6FA5E3HistoryApr 01, 2022 - 12:00 a.m.
Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
2022-04-0100:00:00
Niraj Mahajan
wpscan.com
11
0.001 Low
EPSS
Percentile
24.8%
The plugin allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator users.
PoC
In Page/Post Access tab, Use XSS Payload as "> in any of the pages available. XSS will be triggered at the plugin’s admin panel.
| CPE | Name | Operator | Version |
|---|---|---|---|
| page-and-post-restriction | lt | 1.2.7 |
Related
cnvd
cnvd
WordPress plugin Page Restriction cross-site scripting vulnerability
2022-04-27 00:00:00
prion
prion
Cross site scripting
2022-04-25 16:16:00
wpexploit
wpexploit
Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
2022-04-01 00:00:00
patchstack
patchstack
cvelist
cvelist
nvd
nvd
CVE-2022-1027
2022-04-25 16:16:08
cve
cve
CVE-2022-1027
2022-04-25 16:16:08