Lucene search
EmadWPEX-ID:E866A214-A142-43C7-B93D-FF2301A3E432HistorySep 25, 2023 - 12:00 a.m.
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-09-2500:00:00
emad
49
powerpress podcasting
stored xss
contributor+
media url
exploit
Description The plugin does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
Add the following payload to the Media URL field:
<img src=x onerror=alert(origin)> <svg onload=alert(origin)>Related
wpvulndb
wpvulndb
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-09-25 00:00:00
nvd
nvd
CVE-2023-4820
2023-10-16 20:15:16
prion
prion
Code injection
2023-10-16 20:15:00
cvelist
cvelist
CVE-2023-4820 PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
2023-10-16 19:39:21
cve
cve
CVE-2023-4820
2023-10-16 20:15:16
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
20.8%
Related for WPEX-ID:E866A214-A142-43C7-B93D-FF2301A3E432