Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

WPEX-ID: 4A6B278A-4C11-4624-86BF-754212979643
Source: wpexploit
Author: Akash Rajendra Patil
Published: Sep 21, 2021 - 12:00 a.m.
Tags: special text boxes plugin, stored cross-site scripting, basic settings, admin+

EPSS: 0.001 (Percentile: 24.8%)

The plugin does not sanitise or escape some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Put the following payload in any of the fields in the 'Basic Settings' section of the plugin's settings page (/wp-admin/admin.php?page=stb-settings): " autofocus onfocus=alert(/XSS/)//
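The bug class and its fix, as an added example that is not the plugin's code: a settings field modelled on the 'Basic Settings' ones, first echoed unescaped, then with output escaping and a save-time sanitiser that respects the unfiltered_html capability. Function, option and settings-group names are assumptions.

```php
<?php
// Added example (not Special Text Boxes code). Names are assumptions.

// Vulnerable pattern: the stored option goes straight into a value="" attribute.
// A stored value such as  " autofocus onfocus=alert(/XSS/)//  closes the quote
// and injects event-handler attributes, so the script runs for every user who
// opens the settings page.
function stb_demo_field_vulnerable( $option_name ) {
    $value = get_option( $option_name, '' );
    echo '<input type="text" name="' . $option_name . '" value="' . $value . '">';
}

// Fix 1 (the essential one): escape for the attribute context on output.
// esc_attr() turns " into &quot;, so the value can never leave the attribute.
function stb_demo_field_safe( $option_name ) {
    $value = get_option( $option_name, '' );
    printf(
        '<input type="text" name="%1$s" value="%2$s">',
        esc_attr( $option_name ),
        esc_attr( $value )
    );
}

// Fix 2 (defence in depth): sanitise on save. Admins may legitimately store
// markup only when they hold unfiltered_html; on multisite, or with
// DISALLOW_UNFILTERED_HTML set, they do not, and the plugin must not assume it.
function stb_demo_sanitize_setting( $value ) {
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        // Same allow-list core applies to post content: keeps harmless tags,
        // drops <script> and on* event handlers. Note it does not remove a
        // bare quote, which is why the output escaping above is still required.
        $value = wp_kses_post( $value );
    }
    return $value;
}

// Register the option with the sanitiser so every save path goes through it.
add_action( 'admin_init', function () {
    register_setting( 'stb_demo_group', 'stb_demo_text', array(
        'type'              => 'string',
        'sanitize_callback' => 'stb_demo_sanitize_setting',
    ) );
} );
```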
