Themes Vulnerabilities

Brilliance <= 1.3.1 - Subscriber+ Stored XSS

Description

The theme does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks

Affects Themes

brilliance
No known fix

References

CVE
CVE-2023-28171

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
25792282-4505-4bd0-85b0-a1e1c2b34bdb

Timeline

Publicly Published
2023-03-13 (about 3 years ago)
Added
2023-06-22 (about 2 years ago)
Last Updated
2023-06-22 (about 2 years ago)

Other

Published
Title
Published
2016-08-02
Title
WangGuard <= 1.7.1 - Cross-Site Scripting (XSS)
Published
2014-04-25
Title
Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS
Published
2022-08-01
Title
Enable SVG, WebP & ICO Upload < 1.0.7 - Author+ Stored Cross-Site Scripting
Published
2024-09-23
Title
Garden Gnome Package < 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-01-30
Title
WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode