PT-2023-30768 · WordPress · Embed Privacy

Matzekitt

Publicado

2023-11-20

Atualizado

2023-11-25

CVE-2023-48300

CVSS v3.1

6.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Embed Privacy plugin for WordPress versions up to, and including, 1.8.0

Description The issue is related to Stored Cross-Site Scripting via the embed privacy opt out shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For Embed Privacy plugin for WordPress versions up to, and including, 1.8.0, update to version 1.8.1 to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-48300

GHSA-3WV9-4RVF-W37G

Produtos afetados

Embed Privacy

PT-2023-30768 · WordPress · Embed Privacy

CVE-2023-48300

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8