CVE-2020-8799

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
webtechideaswti_like_post
𝑥
≤ 1.4.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wordpress.org/plugins/wti-like-post/#developers
https://wpvulndb.com/vulnerabilities/10210
https://wordpress.org/plugins/wti-like-post/#developers
https://wpvulndb.com/vulnerabilities/10210