Lucene search
MikaWPEX-ID:000E65F1-89CD-4DD5-A09D-5FEBD9FDFBDBHistoryNov 01, 2021 - 12:00 a.m.
Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
2021-11-0100:00:00
Mika
244
wordpress
stored xss
admin panel
.
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Add/edit a product and put the following payload in the Product Affiliate URL, Custom Button Text fields: "><img src onerror=alert(/XSS/)>
The Product Description field is also affected, with the following payload: </textarea><img src onerror=alert(/XSS/)>
The XSS will be triggered when viewing the Product in a page, or when editing the Product in the admin dashboardRelated
wpvulndb
wpvulndb
Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
2021-11-01 00:00:00
cvelist
cvelist
CVE-2021-24811 Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
2021-11-29 08:25:37
cve
cve
CVE-2021-24811
2021-11-29 09:15:07
prion
prion
Cross site scripting
2021-11-29 09:15:00
nvd
nvd
CVE-2021-24811
2021-11-29 09:15:07