CVE-2020-13487
N/A
N/A
Summary
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://codex.bbpress.org/releases/
- https://wordpress.org/plugins/bbpress/#developers
- https://bbpress.org/
- https://www.youtube.com/watch?v=3rXP8CGTe08
References
- https://codex.bbpress.org/releases/
- https://wordpress.org/plugins/bbpress/#developers
- https://bbpress.org/
- https://www.youtube.com/watch?v=3rXP8CGTe08
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.