Lucene search
WpvulndbWPVDB-ID:8F579807-FED9-4135-A546-128B21D1A21DHistorySep 26, 2022 - 12:00 a.m.
Comment Guestbook <= 0.8.0 - Admin+ Stored Cross-Site Scripting
2022-09-2600:00:00
wpscan.com
14
guestbook
admin
cross-site scripting
settings
privilege
multisite
security
0.001 Low
EPSS
Percentile
22.9%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| comment-guestbook | eq | * |
Related
patchstack
patchstack
cve
cve
CVE-2021-36830
2022-09-30 17:15:11
cvelist
cvelist
nvd
nvd
CVE-2021-36830
2022-09-30 17:15:11
prion
prion
Cross site scripting
2022-09-30 17:15:00