GHSA-p9xp-xghp-gqvp

Source

https://github.com/advisories/GHSA-p9xp-xghp-gqvp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9xp-xghp-gqvp/GHSA-p9xp-xghp-gqvp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p9xp-xghp-gqvp

Aliases

CVE-2020-13487

Published

2022-05-24T17:18:42Z

Modified

2024-04-25T21:57:36.461742Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section

Details

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.

Database specific

{
    "nvd_published_at": "2020-05-26T14:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:39:32Z"
}

References

Affected packages

Packagist / bbpress/bbpress

Package

Name: bbpress/bbpress
Purl: pkg:composer/bbpress/bbpress

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.6.4