Lucene search
Niraj MahajanWPEX-ID:E9E4DFBE-01B2-4003-80ED-DB1E45F38B2BHistoryJun 06, 2022 - 12:00 a.m.
Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting
2022-06-0600:00:00
Niraj Mahajan
82
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
Put the following payload in the "IDP Metadata" > "IdP EntityID / Issuer" setting: "><script>alert(String.fromCharCode(88,83,83))</script>Related
wpvulndb
wpvulndb
Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting
2022-06-06 00:00:00
nvd
nvd
CVE-2022-1010
2022-06-27 09:15:08
cve
cve
CVE-2022-1010
2022-06-27 09:15:08
cvelist
cvelist
cnvd
cnvd
WordPress Login using WordPress Users plugin跨站脚本漏洞
2022-06-30 00:00:00
prion
prion
Cross site scripting
2022-06-27 09:15:00