Lucene search
Fayçal CHENAWPVDB-ID:2CE2A387-ACC8-482A-9452-A4D9ACB187FDHistoryJul 11, 2022 - 12:00 a.m.
Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting
2022-07-1100:00:00
Fayçal CHENA
wpscan.com
11
event timeline
stored cross-site scripting
admin+
unfiltered html
cross-site scripting
EPSS
0.001
Percentile
24.8%
The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PoC
Create/edit a Timeline, put the following payload in the βTextβ field at the bottom: Click save (below the Text field, not the button on top of the page), then click Update The XSS will be triggered in post/page where the Timeline is embed
Related
patchstack
patchstack
wpexploit
wpexploit
Event Timeline <= 1.1.6 - Admin+ Stored Cross-Site Scripting
2022-07-11 00:00:00
cve
cve
CVE-2022-1324
2022-08-01 13:15:09
prion
prion
Cross site scripting
2022-08-01 13:15:00
nvd
nvd
CVE-2022-1324
2022-08-01 13:15:09
cvelist
cvelist
CVE-2022-1324 Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting
2022-08-01 12:47:32