Security Advisory

CVE-2020-8498

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-30 22:52:15

Last updated 2024-08-04 10:03:45

Assigner mitre

State PUBLISHED

Description

XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).

← Browse all CVEs View on cve.org ↗