VYPR
Unrated severityNVD Advisory· Published Feb 21, 2023· Updated Apr 23, 2025

Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting

CVE-2020-36656

Description

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.