PT-2023-17389 · WordPress · Front Editor

Vikas Kumawat

Publicado

2023-08-30

Atualizado

2023-09-01

CVE-2023-1982

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Front Editor WordPress plugin versions 4.0.4 and earlier

Description The issue allows high-privilege users to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of some form settings. This can occur even when the unfiltered html capability is disallowed, such as in a multisite setup.

Recommendations For versions 4.0.4 and earlier, update to a version that sanitizes and escapes form settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-1982

Produtos afetados

Front Editor

PT-2023-17389 · WordPress · Front Editor

CVE-2023-1982

Identificadores relacionados

Produtos afetados

Referências · 5