Lucene search
Erwan LR (WPScan)WPVDB-ID:CF323F72-8374-40FE-9E2E-810E46DE1EC8HistoryNov 20, 2023 - 12:00 a.m.
EmbedPress < 3.9.2 - Reflected XSS
2023-11-2000:00:00
Erwan LR (WPScan)
wpscan.com
7
embedpress
plugin
reflected xss
unsanitised parameter
specific content
high privilege users
admin
security vulnerability
Description The plugin does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PoC
On a post/page where containing the following output (which can be as txt in the post content): “id”:““customThumbnail”:”", make a logged in admin open the URL below: https://example.com/related-page-post/?hash=*(?:'>)*
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.9.2 |
Related
prion
prion
Cross site scripting
2023-12-11 20:15:00
cvelist
cvelist
CVE-2023-5750 EmbedPress < 3.9.2 - Reflected XSS
2023-12-11 19:22:38
cve
cve
CVE-2023-5750
2023-12-11 20:15:07
nvd
nvd
CVE-2023-5750
2023-12-11 20:15:07
wpexploit
wpexploit
EmbedPress < 3.9.2 - Reflected XSS
2023-11-20 00:00:00
6.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for WPVDB-ID:CF323F72-8374-40FE-9E2E-810E46DE1EC8