wpvulndb | Dc11 | WPVDB-ID:84F53E27-D8D2-4FA3-91F9-447037508D30
Oct 09, 2023 - 12:00 a.m.

WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS

2023-10-09 00:00:00
dc11
wpscan.com
5
plugin
ajax
endpoint
authenticated users
stored xss
input
capability checks
input sanitization
v2.1.0
admin+ privileges

EPSS: 0.0004 (Low), Percentile: 14.2%

Description

The plugin provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is later output unescaped. This allows any authenticated user, such as a subscriber, to change the settings and perform Stored Cross-Site Scripting.

Note: A partial fix was released in v2.1.0, but stored XSS was still possible for users with Admin+ privileges.
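A hardened shape for the kind of endpoint described above, as an added example (not the plugin's actual code or its fix): the handler checks a capability and a nonce, allow-lists and sanitizes the settings, and strips tags again on output. The `update_settings` action and the three setting keys come from the PoC URL on this page; the function names, option name, nonce action and `manage_options` capability are assumptions.

```php
<?php
// Added illustration, not the plugin's code. The function names, the
// 'example_settings' option, the nonce action and the choice of the
// manage_options capability are assumptions.
add_action( 'wp_ajax_update_settings', 'example_update_settings' );

function example_update_settings() {
    // wp_ajax_* hooks fire for every logged-in user, subscribers included,
    // so the handler must check the capability itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Reject cross-site requests: require a nonce issued on the settings page.
    check_ajax_referer( 'example_update_settings', 'nonce' );

    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    // Allow-list the keys, coerce flags to booleans, strip markup from the CSS.
    $clean = array(
        'removeByCSS'    => isset( $raw['removeByCSS'] ) && 'true' === $raw['removeByCSS'],
        'removeFromHome' => isset( $raw['removeFromHome'] ) && 'true' === $raw['removeFromHome'],
        'cssCode'        => ( isset( $raw['cssCode'] ) && is_string( $raw['cssCode'] ) )
            ? wp_strip_all_tags( $raw['cssCode'] )
            : '',
    );
    update_option( 'example_settings', $clean );
    wp_send_json_success();
}

add_action( 'wp_head', 'example_print_css' );

function example_print_css() {
    $settings = get_option( 'example_settings', array() );
    if ( empty( $settings['removeByCSS'] ) || empty( $settings['cssCode'] ) ) {
        return;
    }
    // Neutralise again on output so a value stored before the fix, or by an
    // administrator, cannot close the <style> element.
    echo '<style>' . wp_strip_all_tags( $settings['cssCode'] ) . '</style>';
}
```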

PoC

Open the following URL when logged in as a subscriber: `https://example.com/wp-admin/admin-ajax.php?action=update_settings&settings[removeByCSS]=true&settings[removeFromHome]=true&settings[cssCode]=

CPE | Name | Operator | Version
 |  | eq | 2.2.0
