CVE-2023-2433

Name of the Vulnerable Software and Affected Versions YARPP plugin for WordPress versions up to, and including, 5.30.3

Description The issue arises from insufficient input sanitization and output escaping, allowing contributor-level attackers to inject arbitrary web scripts via the className parameter. This enables the execution of injected scripts whenever a user accesses an injected page.

Recommendations For YARPP plugin for WordPress versions up to, and including, 5.30.3, update to a version later than 5.30.3 to resolve the issue. As a temporary workaround, consider restricting access to the className parameter to minimize the risk of exploitation.