Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
CVE-2020-36656

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Spectra
Vendor: CVE Published:; 21 February 2023

Summary

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Affected Version(s)

Spectra 0 < 1.15.0

References

https://wpscan.com/vulnerability/10f7e892-7a91-4292-b03e-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 21, 2023
Vulnerability Reserved
Jan 24, 2023

Credit

Lana Codes