Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:BDD3E43C-C9DD-4B07-A046-9869288970B6
HistoryJan 06, 2020 - 12:00 a.m.

Awesome Support < 6.0.0 - Stored XSS via Ticket Title

2020-01-0600:00:00
wpscan.com
13

0.001 Low

EPSS

Percentile

22.9%

JSON

The lack of sanitisation in the post_title of a ticket could allow users with the Support Supervisor capability to create tickets containing XSS payloads. The risk is relatively low, as CSRF checks are in place and the affected role is close to an admin one. Using the DISALLOW_UNFILTERED_HTML constant does not mitigate the attack. January 10th, 2020 - WP Plugins Team Notified

CPENameOperatorVersion
awesome-supportlt6.0.0

Related

cvelist 1
cve 1
patchstack 1
prion 1
nvd 1
cvelist
cvelist
CVE-2019-20181
2020-01-09 21:15:27
cve
cve
CVE-2019-20181
2020-01-09 22:15:13
patchstack
patchstack
WordPress Awesome Support plugin <= 5.8.2 - Stored Cross-Site Scripting (XSS) vulnerability
2020-01-06 00:00:00
prion
prion
Design/Logic Flaw
2020-01-09 22:15:00
nvd
nvd
CVE-2019-20181
2020-01-09 22:15:13

0.001 Low

EPSS

Percentile

22.9%

JSON
Related for WPVDB-ID:BDD3E43C-C9DD-4B07-A046-9869288970B6
cvelist1cve1patchstack1prion1nvd1