WordPress Plugin Vulnerabilities
LetterPress <= 1.2.1 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Pavak Tiwari
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-05-11 (about 1 years ago)
Added
2023-08-09 (about 9 months ago)
Last Updated
2023-10-06 (about 7 months ago)