Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbXiahaoWPVDB-ID:BB5D94AD-E1CE-44E2-8403-D73FE75A146A
HistoryJul 29, 2021 - 12:00 a.m.

Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)

2021-07-2900:00:00
xiahao
wpscan.com
5
plugin vulnerability
authenticated
cross-site scripting
admin dashboard
settings
xss
wordpress.

EPSS

0.001

Percentile

24.8%

JSON

The plugin doesn’t sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

PoC

Put the following payload in the “Note title” and “Note message” settings of the plugin: "> and Then visit the Admin Dashboard homepage or the plugin’s settings (/wp-admin/admin.php?page=Splash_Header_Display&tab;=homepage) to trigger the XSS https://github.com/xiahao90/CVEproject/blob/main/wordpress_Splashheader_XSS.md

Related

wpexploit 1
patchstack 1
prion 1
cve 1
nvd 1
cvelist 1
wpexploit
wpexploit
Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)
2021-07-29 00:00:00
patchstack
patchstack
WordPress Splash Header plugin <= 1.20.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2021-07-29 00:00:00
prion
prion
Cross site scripting
2021-09-20 10:15:00
cve
cve
CVE-2021-24587
2021-09-20 10:15:08
nvd
nvd
CVE-2021-24587
2021-09-20 10:15:08
cvelist
cvelist
CVE-2021-24587 Splash Header < 1.20.8 - Authenticated Stored Cross-Site Scripting (XSS)
2021-09-20 10:06:24

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:BB5D94AD-E1CE-44E2-8403-D73FE75A146A
wpexploit1patchstack1prion1cve1nvd1cvelist1