Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins
Tags
attack-pattern: | Vulnerabilities - T1588.006 Scripting - T1064 Scripting |
Common Information
Type | Value |
---|---|
UUID | dce04a50-f7a3-41df-9790-8d1fe6773ce4 |
Fingerprint | a8c1611beb3e0816 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 12, 2023, 12:42 p.m. |
Added to db | Feb. 14, 2023, 3:33 p.m. |
Last updated | Dec. 24, 2024, 11:51 a.m. |
Headline | Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins |
Title | Cross-Site Scripting vulnerabilities in Multiple WordPress Plugins |
Detected Hints/Tags/Attributes | 21/1/14 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.tenable.com/security/research/tra-2023-3 |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 246 | ✔ | Tenable Research Advisories | https://tenable.com/security/research/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 2 | cve-2023-23491 |
|
Details | CVE | 2 | cve-2023-23492 |
|
Details | CVE | 2 | cve-2023-0448 |
|
Details | Domain | 202 | wordpress.org |
|
Details | File | 1 | quick-event-manager.php |
|
Details | File | 30 | admin-ajax.php |
|
Details | File | 1 | login-with-phonenumber.php |
|
Details | File | 2 | class-mbwp-helper.php |
|
Details | Url | 1 | https://wordpress.org/plugins/quick-event-manager/affected |
|
Details | Url | 1 | https://wordpress.org/plugins/quick-event-manager |
|
Details | Url | 1 | http://target_host/wp-admin/admin-ajax.php?action=qem_ajax_calendar&category= |
|
Details | Url | 1 | http://target_host/wp-admin/admin-ajax.php?action=lwp_forgot_password&id= |
|
Details | Url | 1 | https://wordpress.org/plugins/wp-helper-lite |
|
Details | Url | 1 | http://target_host/wp-admin/admin-ajax.php?action=surveysubmit&aaa=xxx |