CVEs-PoC/2020/CVE-2020-11025.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Afetter618/WordPress-PenTest
https://github.com/El-Palomo/DerpNStink
https://github.com/El-Palomo/SYMFONOS
https://github.com/namhikelo/Symfonos1-Vulnhub-CEH
https://github.com/zer0uid/docker-CVEanalysis

1.2 KiB Raw Blame History

CVE-2020-11025

Description

POC

Reference

Github

1.2 KiB

Raw Blame History