Back to search
CVE-2020-13487
Published: May 26, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://codex.bbpress.org/releases/
x_refsource_MISC
https://wordpress.org/plugins/bbpress/#developers
x_refsource_MISC
https://bbpress.org/
x_refsource_MISC
https://www.youtube.com/watch?v=3rXP8CGTe08
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now