WP ULike < 4.6.9 - Contributor+ Stored Cross Site Scripting via Shortcode

2023-10-2400:00:00

wpscan.com

wordpress

ulike plugin

cross-site scripting

contributor role

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CPENameOperatorVersion
eq4.6.9

CPE	Name	Operator	Version
		eq	4.6.9

References

patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-ulike/wp-ulike-468-authenticated-contributor-stored-cross-site-scripting-via-shortcode