CVE-2023-2254

Name of the Vulnerable Software and Affected Versions Ko-fi Button WordPress plugin versions prior to 1.3.3

Description The issue concerns the Ko-fi Button WordPress plugin, which does not properly handle some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks, even when the unfiltered html capability is disallowed, such as in a multisite setup. The risk associated with this issue is considered low.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.