Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 07/04/2020 Updated: 08/04/2020

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Stored XSS in the IMPress for IDX Broker WordPress plugin prior to 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts.

Vulnerable Product	Search on Vulmon	Subscribe to Product
idxbroker impress for idx broker

CWE-79 https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/https://wordpress.org/plugins/idx-broker-platinum/#developers https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-11512

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect