RSS   Vulnerabilities for 'Gistpress'   RSS

2020-01-30
 
CVE-2020-8498

CWE-79
 

 
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).

 


Copyright 2024, cxsecurity.com

 

Back to Top