• Call Us: (540) 566-8737
    • Account Login (AMP)
    Menu
    quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

    quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

    Tweet
    Share
    Share
    Pin
    0 Shares

    EntreBase Advisory: The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    Read more about this vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa09e5b-fc3d-4409-bf2c-dd8aae69eeda?source=api-prod

    About the Contributor
    Trust & Safety
    The Trust & Safety team ensures the EntreBase platform remains compliant, safe, and user-friendly. Focused on risk management and user protection, they work to uphold trust and provide a seamless experience.