Vulnerability Details CVE-2019-14795
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://wordpress.org/plugins/toggle-the-title/#developers
- https://wpvulndb.com/vulnerabilities/9516
- https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/
- https://wordpress.org/plugins/toggle-the-title/#developers
- https://wpvulndb.com/vulnerabilities/9516
- https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/
Products affected by CVE-2019-14795
-
cpe:2.3:a:toggle-the-title_project:toggle-the-title:-
-
cpe:2.3:a:toggle-the-title_project:toggle-the-title:1.4