wpvulndb | Akash Rajendra Patil | WPVDB-ID: 4A6B278A-4C11-4624-86BF-754212979643
Sep 21, 2021 - 12:00 a.m.

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

Published: 2021-09-21 00:00:00
Author: Akash Rajendra Patil
Source: wpscan.com
Tags: special text boxes, stored cross-site scripting, settings, cross-site scripting, unfiltered_html, admin

EPSS

0.001

Percentile

24.8%

The plugin does not sanitise or escape some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PoC

Put the following payload in any of the fields in the ‘Basic Settings’ section of the plugin’s settings page (/wp-admin/admin.php?page=stb-settings): " autofocus onfocus=alert(/XSS/)//
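As an added illustration (not the plugin's own code), the unsafe settings-rendering pattern the advisory describes beside its hardened form; the option and settings-group names (stb_demo_title, stb_demo_group) are hypothetical, while esc_attr(), sanitize_text_field() and register_setting() are WordPress core functions:

```php
<?php
// Added example, not the plugin's own code. Hypothetical option/setting names
// (stb_demo_group, stb_demo_title) stand in for the plugin's real ones.

// Unsafe pattern described in the advisory: the stored option is concatenated
// straight into an attribute. A saved value such as  " autofocus onfocus=alert(/XSS/)//
// closes value="...", adds new attributes, and the trailing // hides the leftover quote.
function stb_demo_render_unsafe( $value ) {
    return '<input type="text" name="stb_demo_title" value="' . $value . '">';
}

// Hardened pattern: sanitise on save and escape on output. WordPress applies the
// unfiltered_html / kses filtering to post and comment content, not to plugin options,
// so the plugin must do both steps itself even for admin-only settings pages.
function stb_demo_sanitize( $value ) {
    // Strips tags and NUL bytes and normalises whitespace. Note that the advisory's
    // payload contains no tags, so it survives this step; escaping at output is what
    // actually prevents the attribute break-out.
    return sanitize_text_field( $value );
}

function stb_demo_render_safe( $value ) {
    // esc_attr() encodes " < > & ' so the stored text cannot terminate value="".
    return '<input type="text" name="stb_demo_title" value="' . esc_attr( $value ) . '">';
}

add_action( 'admin_init', function () {
    // sanitize_callback runs whenever the option is saved through options.php.
    register_setting( 'stb_demo_group', 'stb_demo_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'stb_demo_sanitize',
        'default'           => '',
    ) );
} );
```

With the hardened renderer, the advisory's payload is stored as plain text and displayed back as an inert, quoted attribute value rather than as new attributes on the input element.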
