PublishPress Capabilities < 2.3.3 - Cross-Site Scripting

Detects stored XSS vulnerability in PublishPress Capabilities plugin versions below 2.3.3.

Short Info

Level: Medium
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 8 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The PublishPress Capabilities plugin is a widely used WordPress plugin for managing user roles and capabilities. Versions prior to 2.3.3 are affected by a stored Cross-Site Scripting (XSS) vulnerability: attacker-controlled input is saved by the plugin and later rendered without adequate output encoding, so injected JavaScript runs in the browser of whoever views the affected page, whether an administrator in the backend or a visitor on the frontend.

The root cause is insufficient sanitization of user-supplied input before it is stored and echoed back. Because the payload is persistent, a single injection can be served repeatedly. Script executing in an administrator's session can be used to hijack that session, perform administrative actions on the attacker's behalf (for example, creating users or changing settings), or deliver further malicious content to site users.

The scanner fingerprints the installed version of the plugin and reports installations running a release older than 2.3.3. Mitigation is to update PublishPress Capabilities to 2.3.3 or later; as defence in depth, review any other plugin or theme code that stores user input and make sure it is escaped at output time.
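The version check described above, as an added example that is not part of the scanner's own code or of the plugin: WordPress plugins ship a readme.txt whose "Stable tag" line carries the installed version, and that file is usually readable at /wp-content/plugins/<slug>/readme.txt. The snippet parses that line, compares it numerically against the fixed version 2.3.3, and flags older releases. The readme content below is constructed for the example, and the plugin slug "capabilities" and the readme path are assumptions about the target deployment.

```python
import re
import urllib.request

# Constructed sample of a plugin readme.txt (not a real file from the project).
SAMPLE_README = """=== PublishPress Capabilities ===
Contributors: publishpress
Requires at least: 5.5
Tested up to: 6.1
Stable tag: 2.3.2
License: GPLv3
"""

FIXED_VERSION = "2.3.3"   # first release described as not vulnerable
PLUGIN_SLUG = "capabilities"  # assumed wordpress.org slug for the plugin


def parse_stable_tag(readme_text):
    """Return the version from the 'Stable tag:' line, or None if absent or non-numeric."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9A-Za-z.\-]*)\s*$",
                  readme_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(version):
    """Numeric tuple for the dotted prefix, so 2.10.0 sorts after 2.3.3 and '2.3.3-beta' -> (2, 3, 3)."""
    nums = re.match(r"[0-9]+(?:\.[0-9]+)*", version).group(0)
    return tuple(int(p) for p in nums.split("."))


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is strictly older than the fixed release."""
    return version_tuple(version) < version_tuple(fixed)


def check_readme(readme_text):
    """Classify a readme body: version string and whether it predates the fix.

    'vulnerable' is None when no usable version is found (e.g. 'Stable tag: trunk'),
    so the caller can distinguish 'unknown' from 'patched'.
    """
    tag = parse_stable_tag(readme_text)
    if tag is None:
        return {"version": None, "vulnerable": None}
    return {"version": tag, "vulnerable": is_vulnerable(tag)}


def readme_url(base_url, slug=PLUGIN_SLUG):
    """Build the conventional readme.txt location for a plugin on a WordPress site."""
    return base_url.rstrip("/") + "/wp-content/plugins/%s/readme.txt" % slug


def fetch_and_check(base_url, timeout=10):
    """Fetch the live readme.txt and classify it (network access; not exercised offline)."""
    with urllib.request.urlopen(readme_url(base_url), timeout=timeout) as resp:
        return check_readme(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    print(check_readme(SAMPLE_README))
```

This is a version fingerprint, not an exploitability check: readme.txt can be blocked, stale, or absent (some sites strip it, and "Stable tag: trunk" gives no version), and a site may have backported a fix while keeping an old tag. Treat a "vulnerable" result as a prompt to confirm the installed version in the WordPress admin and update to 2.3.3 or later.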
