Lucene search
Victor PasmanWPEX-ID:57017050-811E-474D-8256-33D19D4C0553HistoryMay 02, 2022 - 12:00 a.m.
WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs
2022-05-0200:00:00
Victor Pasman
94
wordpress
meta seo
cross-site scripting
admin
stored
breadcrumbs
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.
As admin, put the following payload in the Breadcrumb separator setting and save: <script>alert(/hello/)</script>
The XSS will be triggered in page/post where Breadcrumb is enabledRelated
wpvulndb
wpvulndb
WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs
2022-05-02 00:00:00
nvd
nvd
CVE-2022-1093
2022-05-23 08:16:06
cve
cve
CVE-2022-1093
2022-05-23 08:16:06
prion
prion
Hardcoded credentials
2022-05-23 08:16:00
patchstack
patchstack
cvelist
cvelist