Stored XSS Vulnerability in IMPress for IDX Broker WordPress Plugin
CVE-2020-11512
5.4 MEDIUM
Summary
The IMPress for IDX Broker WordPress plugin prior to version 2.6.2 is susceptible to a stored XSS vulnerability. This flaw allows authenticated users, even those with minimal permissions, to inject arbitrary JavaScript code into the plugin's settings. When executed, this code runs in the browser of any administrator visiting the settings panel, potentially leading to unauthorized actions, including the creation of new administrator-level accounts, thus compromising the security of the WordPress site.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved