PT-2023-23613 · Theme Palace · Wp Education

Deokhunkim

Publicado

2023-08-18

Atualizado

2023-08-23

CVE-2023-32103

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Theme Palace TP Education plugin versions prior to 4.4

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored on the server and executed when other users access the affected page.

Recommendations For Theme Palace TP Education plugin versions prior to 4.4, update to a version that contains a fix for this issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-32103

Produtos afetados

Wp Education

PT-2023-23613 · Theme Palace · Wp Education

CVE-2023-32103

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3