CVE-2023-51372

Name of the Vulnerable Software and Affected Versions HashBar – WordPress Notification Bar versions 1.4.1 and earlier

Description The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This can lead to the execution of malicious scripts on the client-side. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For HashBar – WordPress Notification Bar versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the notification bar feature until a patch is available. Avoid using user-inputted data in the notification bar to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.