Lucene search
Lana CodesWPVDB-ID:FE60EA83-B584-465A-8128-B7358D8DA3AFHistoryJan 23, 2023 - 12:00 a.m.
Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
2023-01-2300:00:00
Lana Codes
wpscan.com
18
lightweight accordion
plugin
stored xss
contributor role
block options
page/post
gutenberg block
cross-site scripting
software
0.001 Low
EPSS
Percentile
23.4%
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
Exploit Additional CSS class(es) for “Lightweight Accordion” Gutenberg block: " onmouseover=“alert(1)”
| CPE | Name | Operator | Version |
|---|---|---|---|
| lightweight-accordion | lt | 1.5.15 |
Related
wpexploit
wpexploit
Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
2023-01-23 00:00:00
prion
prion
Cross site scripting
2023-02-13 15:15:00
cvelist
cvelist
CVE-2023-0373 Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
2023-02-13 14:32:09
nvd
nvd
CVE-2023-0373
2023-02-13 15:15:22
cve
cve
CVE-2023-0373
2023-02-13 15:15:22