CVE-2020-36656

Summary

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Affected Software

VendorProductVersion RangeStatus
UnknownSpectra0 < 1.15.0affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References