CVE-2020-36656: Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
First published: Tue Feb 21 2023(Updated: )
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Brainstorm Force Spectra | <1.15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-36656?
CVE-2020-36656 is a vulnerability in the Spectra WordPress plugin before version 1.15.0 that allows stored cross-site scripting (XSS) attacks.
How severe is CVE-2020-36656?
CVE-2020-36656 has a severity score of 5.4, which is considered medium.
How does CVE-2020-36656 affect Spectra WordPress plugin?
CVE-2020-36656 affects the Spectra WordPress plugin before version 1.15.0 by allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
What software is affected by CVE-2020-36656?
The Spectra WordPress plugin before version 1.15.0 is affected by CVE-2020-36656.
How do I fix CVE-2020-36656?
To fix CVE-2020-36656, update your Spectra WordPress plugin to version 1.15.0 or later.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/brainstormforce
- canonical/brainstorm force spectra