PT-2023-16259 · WordPress · Cloud Manager Wordpress Plugin

Shreya Pohekar · Published 2023-05-08 · Updated 2023-05-15 · CVE-2023-0421

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Manager WordPress plugin versions 1.0 and earlier

Description

The issue allows unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link, because the query parameter ricerca is not sanitized or escaped before it is output in an admin panel.

Recommendations

For Cloud Manager WordPress plugin versions 1.0 and earlier, update to a version that properly sanitizes and escapes user input to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
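
The sanitize-and-escape pattern the recommendation refers to, as an added example that is not the Cloud Manager plugin's source code. The function names `cm_render_search_unsafe` and `cm_render_search_safe`, the markup, and the sample value are assumptions made for illustration; only the parameter name ricerca comes from the advisory.

```php
<?php
// Added illustration, NOT the plugin's code. cm_* names and the HTML are hypothetical.

// Simplified stand-ins so the file also runs outside WordPress (php example.php).
// Inside WordPress the real core functions of the same names are used instead.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $s ) { return htmlspecialchars( (string) $s, ENT_QUOTES, 'UTF-8' ); }
    function esc_html( $s ) { return htmlspecialchars( (string) $s, ENT_QUOTES, 'UTF-8' ); }
    function wp_unslash( $s ) { return stripslashes( (string) $s ); }
    function sanitize_text_field( $s ) { return trim( strip_tags( (string) $s ) ); }
}

// Vulnerable pattern: the raw query parameter is concatenated into the admin page.
function cm_render_search_unsafe( array $query ) {
    $term = isset( $query['ricerca'] ) ? $query['ricerca'] : '';
    return '<input type="text" name="ricerca" value="' . $term . '">'
         . '<p>Results for: ' . $term . '</p>';
}

// Hardened pattern: check the type, sanitize on input, escape for each output context.
function cm_render_search_safe( array $query ) {
    // Reject non-string input such as ricerca[]=x instead of casting it.
    $raw  = ( isset( $query['ricerca'] ) && is_string( $query['ricerca'] ) )
        ? $query['ricerca']
        : '';
    $term = sanitize_text_field( wp_unslash( $raw ) );
    return '<input type="text" name="ricerca" value="' . esc_attr( $term ) . '">'
         . '<p>Results for: ' . esc_html( $term ) . '</p>';
}

// Constructed sample input: harmless markup characters that must come out inert.
$sample = array( 'ricerca' => '"><b>x</b>' );
echo cm_render_search_unsafe( $sample ), "\n"; // markup reaches the page unchanged
echo cm_render_search_safe( $sample ), "\n";   // quotes and angle brackets are encoded
```

Escaping at the point of output is the part that stops the injection; input sanitization alone does not cover every output context.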


Related identifiers

CVE-2023-0421

Affected products

Cloud Manager Wordpress Plugin