vendor:
TaxoPress
by:
Akash Rajendra Patil
4.8
CVSS
MEDIUM
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: TaxoPress
Affected Version From: 3.0.7.1
Affected Version To: 3.0.7.1
Patch Exists: YES
Related CWE: CVE-2021-24444
CPE: 2.3:a:wordpress:taxopress:3.0.7.1
Platforms Tested: Windows
2021
WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated)
TaxoPress Version 3.0.7.1 is vulnerable to Stored Cross-Site Scripting (XSS). An authenticated user can inject malicious JavaScript payload into the 'Table Name & Descriptions' field which will be stored in the database. When the same functionality is triggered, the payload will be executed and a pop-up will be displayed.
Mitigation:
Ensure that user input is properly sanitized and validated before being stored in the database.