Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbAjay Sandipan ThorboleWPVDB-ID:BA4503F7-684E-4274-BC53-3AA848712496
HistoryJun 21, 2021 - 12:00 a.m.

Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

2021-06-2100:00:00
Ajay Sandipan Thorbole
wpscan.com
13
plugin
authenticated
cross-site scripting
xss
admin
dashboard
vulnerability
poc

EPSS

0.001

Percentile

24.8%

JSON

The plugin did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the ‘All Sheets’ page in the admin dashboard

PoC

As admin, add a new Sheet and add the following payload in the “Title”, “Details” and “Task” fields: The XSS will be trigger whenever an admin goes to the All Sheets page.

Related

wpexploit 1
prion 1
cvelist 1
patchstack 1
cve 1
nvd 1
wpexploit
wpexploit
Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)
2021-06-21 00:00:00
prion
prion
Cross site scripting
2021-07-12 20:15:00
cvelist
cvelist
CVE-2021-24440 Sign-up Sheets < 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)
2021-07-12 19:21:02
patchstack
patchstack
WordPress Sign-up Sheets plugin <= 1.0.13 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2021-06-21 00:00:00
cve
cve
CVE-2021-24440
2021-07-12 20:15:09
nvd
nvd
CVE-2021-24440
2021-07-12 20:15:09

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:BA4503F7-684E-4274-BC53-3AA848712496
wpexploit1prion1cvelist1patchstack1cve1nvd1