Stored XSS Vulnerability in IMPress for IDX Broker WordPress Plugin
CVE-2020-11512

5.4 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 7 April 2020

What is CVE-2020-11512?

The IMPress for IDX Broker WordPress plugin prior to version 2.6.2 is susceptible to a stored XSS vulnerability. This flaw allows authenticated users, even those with minimal permissions, to inject arbitrary JavaScript code into the plugin's settings. The injected code then runs in the browser of any administrator who visits the settings panel, potentially leading to unauthorized actions, including the creation of new administrator-level accounts, and thus compromising the security of the WordPress site.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
