PT-2023-20616 · WordPress · Get Your Number Wordpress Plugin
Aymane Mazguiti
+1
·
Published
2023-06-05
·
Updated
2025-01-08
·
CVE-2023-2634
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Get your number WordPress plugin versions 1.1.3 and earlier
Description
The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup.
Recommendations
For Get your number WordPress plugin versions 1.1.3 and earlier, update to a version that addresses the sanitization and escaping of its settings to prevent Stored Cross-Site Scripting attacks.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Get Your Number Wordpress Plugin