Lucene search
Akash Rajendra PatilWPVDB-ID:A31321FE-ADC6-4480-A220-35AEDCA52B8BHistoryJun 30, 2021 - 12:00 a.m.
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-3000:00:00
Akash Rajendra Patil
wpscan.com
8
0.001 Low
EPSS
Percentile
41.1%
The plugin does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
PoC
Add or edit a Taximony (/wp-admin/admin.php?page=st_taxonomiesthe) with the following description: "> Then view the Taxonomies table to trigger the XSS
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-tags | lt | 3.0.7.2 |
Related
prion
prion
Cross site scripting
2021-08-02 11:15:00
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2021-24444
2021-08-02 11:15:09
packetstorm
packetstorm
WordPress TaxoPress 3.0.7.1 Cross Site Scripting
2021-10-25 00:00:00
cve
cve
CVE-2021-24444
2021-08-02 11:15:09
wpexploit
wpexploit
TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-30 00:00:00
zdt
zdt
exploitdb
exploitdb