CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.
Explanation of Vulnerability in Simple Terms
The Builderall Builder for WordPress plugin versions 3.0.1 and earlier contain a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers, including administrators. The vulnerability requires user interaction to trigger and can affect the entire site scope. Update to a version newer than 3.0.1.
What an attacker can do
Inject malicious scripts that run in other users' browsers, potentially stealing session tokens or performing actions as those users.
Potential impact on your site
Attackers with basic WordPress access can compromise admin accounts and take control of your site through stored XSS attacks.
Conditions required to exploit
Attacker needs a low-privilege WordPress account and must trick a user into viewing a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities
