Vendor: Admin Bar & Dashboard Access Control
By: Rachit Arora
CVSS: 3.1 MEDIUM
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Admin Bar & Dashboard Access Control
Affected Version From: 1.2.8
Affected Version To: 1.2.8
Patch Exists: NO
Related CVE: CVE-2023-47184
CPE: a:wordpress:admin_bar_&_dashboard_access_control:1.2.8
Platforms Tested: Windows
2023
WordPress Plugin Admin Bar & Dashboard Access Control 1.2.8 Stored Cross-Site Scripting (XSS)
The WordPress Plugin Admin Bar & Dashboard Access Control version 1.2.8 is vulnerable to stored cross-site scripting (XSS) due to improper input validation in the 'Dashboard Redirect' field. An attacker can store malicious scripts in this field, leading to the execution of arbitrary JavaScript code when triggered.
Mitigation:
Ensure proper input validation and sanitization of user-controlled input fields to prevent XSS attacks. Regularly update the plugin to the latest version to patch security vulnerabilities.
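The mitigation above, sketched for a WordPress settings field that stores a redirect URL: the value is validated when saved and escaped again when rendered. This is an added example, not the affected plugin's code; the option key, page slug and `ex_` function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Redirect Field Hardening Example
 * Description: Added illustration; not the affected plugin's code.
 */

// Hypothetical names: the affected plugin's real option key and page slug are not on this page.
const EX_OPTION = 'ex_dashboard_redirect';
const EX_PAGE   = 'ex-access-control';

// Input side: keep only an http(s) or site-relative URL on an allowed host, else store ''.
function ex_sanitize_redirect( $value ) {
	$value = is_string( $value ) ? trim( $value ) : '';
	// esc_url_raw() returns '' for schemes outside the list (javascript:, data:, ...).
	$url = esc_url_raw( $value, array( 'http', 'https' ) );
	// wp_validate_redirect() returns the fallback for hosts outside allowed_redirect_hosts.
	return '' === $url ? '' : wp_validate_redirect( $url, '' );
}

// Output side: the stored value is still treated as untrusted and escaped for an attribute.
function ex_render_field() {
	printf(
		'<input type="text" class="regular-text" name="%s" value="%s" />',
		esc_attr( EX_OPTION ),
		esc_attr( get_option( EX_OPTION, '' ) )
	);
}

function ex_render_page() {
	echo '<div class="wrap"><h1>Access Control (example)</h1><form method="post" action="options.php">';
	settings_fields( EX_PAGE );      // Nonce and option group, checked by options.php.
	do_settings_sections( EX_PAGE );
	submit_button();
	echo '</form></div>';
}

add_action( 'admin_init', function () {
	register_setting( EX_PAGE, EX_OPTION, array(
		'type'              => 'string',
		'sanitize_callback' => 'ex_sanitize_redirect',
		'default'           => '',
	) );
	add_settings_section( 'ex_main', 'Redirects', '__return_false', EX_PAGE );
	add_settings_field( EX_OPTION, 'Dashboard Redirect', 'ex_render_field', EX_PAGE, 'ex_main' );
} );

add_action( 'admin_menu', function () {
	add_options_page( 'Access Control (example)', 'Access Control (example)', 'manage_options', EX_PAGE, 'ex_render_page' );
} );
```

Saving through `register_setting()` means the sanitize callback runs on every write to the option, and `esc_attr()` at render time covers values that were stored before the callback existed.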