Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:CBB75383-4351-4488-AACA-DDB0F6F120CD
HistoryMay 09, 2022 - 12:00 a.m.

External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting

2022-05-0900:00:00
wpscan.com
7
external links
vulnerability
unauthenticated
cross-site scripting
software

EPSS

0.001

Percentile

40.2%

JSON

The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

PoC

On any post on the affected site, add the following link to a comment: Click here for XSS Click on the link, you should be getting an alert box.

Related

cvelist 1
prion 1
wpexploit 1
cve 1
nvd 1
cvelist
cvelist
CVE-2022-1582 External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
2022-05-30 08:36:01
prion
prion
Cross site scripting
2022-05-30 09:15:00
wpexploit
wpexploit
External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
2022-05-09 00:00:00
cve
cve
CVE-2022-1582
2022-05-30 09:15:10
nvd
nvd
CVE-2022-1582
2022-05-30 09:15:10

EPSS

0.001

Percentile

40.2%

JSON
Related for WPVDB-ID:CBB75383-4351-4488-AACA-DDB0F6F120CD
cvelist1prion1wpexploit1cve1nvd1