Lucene search
WpvulndbWPVDB-ID:DA99DA13-CBAA-4BBD-912F-A79FE511CDCDHistoryNov 29, 2022 - 12:00 a.m.
Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures
2022-11-2900:00:00
wpscan.com
8
simple:press plugin
6.8.1
stored xss
profile signatures
sanitize
escape
postitem parameter
modify
authenticated users
subscriber
software
0.001 Low
EPSS
Percentile
19.6%
The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplepress | lt | 6.8.1 |
Related
prion
prion
Cross site scripting
2022-11-29 21:15:00
cvelist
cvelist
CVE-2022-4028
2022-11-29 20:08:35
nvd
nvd
CVE-2022-4028
2022-11-29 21:15:11
cnvd
cnvd
WordPress Simple:Press plugin has cross-site scripting vulnerability
2022-11-30 00:00:00
cve
cve
CVE-2022-4028
2022-11-29 21:15:11