WordPress Plugin Vulnerabilities

SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting

Description

The plugin does not escape its searchString parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
speakout
Fixed in 2.13.3

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
6df1cd74-34d3-455c-b51f-ba3928a89359

Timeline

Publicly Published
2021-08-09 (about 4 years ago)
Added
2021-08-09 (about 4 years ago)
Last Updated
2021-08-09 (about 4 years ago)

Other

Published
Title
Published
2023-05-30
Title
BBS e-Popup <= 2.4.5 - Reflected XSS
Published
2023-10-17
Title
MpOperationLogs <= 1.0.1 - Unauthenticated Stored XSS
Published
2023-02-13
Title
DupeOff <= 1.6 - Admin+ Stored XSS
Published
2023-05-02
Title
Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import
Published
2023-01-16
Title
Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS