Lucene search
Lana CodesWPVDB-ID:517154DC-D6BD-462D-B955-061A7B7F8DA5HistoryJan 11, 2023 - 12:00 a.m.
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
2023-01-1100:00:00
Lana Codes
wpscan.com
14
cloak front end email
stored xss
plugin
cross-site scripting
contributor role
page/post
shortcode attributes
validation
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
PoC
[email name=‘" onmouseover=“alert(1)” style=“background:red;”’] Other affected attribute: subject
Related
wpexploit
wpexploit
Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
2023-01-11 00:00:00
prion
prion
Cross site scripting
2023-02-06 20:15:00
cvelist
cvelist
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
2023-02-06 19:59:36
nvd
nvd
CVE-2023-0150
2023-02-06 20:15:13
cve
cve
CVE-2023-0150
2023-02-06 20:15:13