Vulnerability Details CVE-2020-14063
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wordpress.org/plugins/tc-custom-javascript/#developers
- https://www.wordfence.com/blog/2020/07/high-severity-vulnerability-patched-in-tc-custom-javascript/
- https://wordpress.org/plugins/tc-custom-javascript/#developers
- https://www.wordfence.com/blog/2020/07/high-severity-vulnerability-patched-in-tc-custom-javascript/
Products affected by CVE-2020-14063
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.0.0
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.0.3
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.0.4
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.1.0
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.1.1
-
cpe:2.3:a:tc_custom_javascript_project:tc_custom_javascript:1.2.0