Opensea < 1.0.3 - Admin+ Stored XSS

2022-04-0400:00:00

Mika

wpscan.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The plugin does not sanitize and escape some of its settings, like its “Referer address” field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CPENameOperatorVersion
opensealt1.0.3

CPE	Name	Operator	Version
	opensea	lt	1.0.3

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for WPVDB-ID:EF6830C0-E933-4E62-8321-011D91F9CFEA