PT-2023-20616 · WordPress · Get Your Number Wordpress Plugin

Aymane Mazguiti

Publicado

2023-06-05

Atualizado

2025-01-08

CVE-2023-2634

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Get your number WordPress plugin versions 1.1.3 and earlier

Description The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For Get your number WordPress plugin versions 1.1.3 and earlier, update to a version that addresses the sanitization and escaping of its settings to prevent Stored Cross-Site Scripting attacks.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-2634

Produtos afetados

Get Your Number Wordpress Plugin

PT-2023-20616 · WordPress · Get Your Number Wordpress Plugin

CVE-2023-2634

Identificadores relacionados

Produtos afetados

Referências · 3