PT-2023-15986 · WordPress · Wpaudio Mp3 Player

Lana Codes

Publicado

2023-03-06

Atualizado

2023-03-11

CVE-2023-0069

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WPaudio MP3 Player WordPress plugin versions 4.0.2 and earlier

Description The issue is related to the WPaudio MP3 Player WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For WPaudio MP3 Player WordPress plugin versions 4.0.2 and earlier, update to a version that fixes the issue, as the current version does not properly validate and escape shortcode attributes, posing a risk of Stored Cross-Site Scripting attacks.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-0069

Produtos afetados

Wpaudio Mp3 Player

PT-2023-15986 · WordPress · Wpaudio Mp3 Player

CVE-2023-0069

Identificadores relacionados

Produtos afetados

Referências · 5