PT-2023-20306 · WordPress · Inventorypress

Daniloalbuqrque

Publicado

2023-07-17

Atualizado

2023-07-26

CVE-2023-2579

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions InventoryPress WordPress plugin versions 1.7 and earlier

Description The issue allows users with the role of author and above to perform Stored Cross-Site Scripting attacks due to the plugin not sanitising and escaping some of its settings.

Recommendations For InventoryPress WordPress plugin versions 1.7 and earlier, update to a version that addresses the sanitisation and escaping of settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the access to settings for users with the role of author and above until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-2579

Produtos afetados

Inventorypress

PT-2023-20306 · WordPress · Inventorypress

CVE-2023-2579

Identificadores relacionados

Produtos afetados

Referências · 6