wpvulndb
Ananda Krishna
WPVDB-ID: BEEBAE8F-FA48-46C9-9E57-CE724850201C
Dec 26, 2019 - 12:00 a.m.

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

wpscan.com
5

A minor authenticated stored XSS vulnerability was found in the “Styles for Skiplinks when they have focus” section of the WP Accessibility plugin.

PoC

  1. Navigate to the Settings page of the plugin: https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php
  2. Select the checkbox next to “Enable Skiplinks”.
  3. Under the “Styles for Skiplinks when they have focus” option, enter the following XSS payload: alert(/0/)

CPE Name          Operator  Version
wp-accessibility  lt        1.7.0