Stored XSS Vulnerability in IMPress for IDX Broker WordPress Plugin
CVE-2020-11512

5.4 MEDIUM

Key Information:

Vendor
WordPress
CVE Published:
7 April 2020

Summary

The IMPress for IDX Broker WordPress plugin prior to version 2.6.2 is susceptible to a stored XSS vulnerability. This flaw allows authenticated users, even those with minimal permissions, to inject arbitrary JavaScript code into the plugin's settings. The injected code then runs in the browser of any administrator who visits the settings panel, potentially leading to unauthorized actions, including the creation of new administrator-level accounts, and thus compromising the security of the WordPress site.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
