PT-2024-15167 · WordPress · List Category Posts
Ancorn
Published 2024-01-11 · Updated 2024-01-17
CVE-2023-6994
Score: 6.5 (Medium)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
The List Category Posts plugin for WordPress, versions up to and including 0.89.3
Description:
The plugin is vulnerable to Stored Cross-Site Scripting via its 'catlist' shortcode, due to insufficient input sanitization and output escaping of user-supplied shortcode attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages; the scripts execute whenever a user accesses an injected page.
Recommendations:
For versions up to and including 0.89.3, update to a version that includes the input sanitization and output escaping fixes that prevent Stored Cross-Site Scripting. As a temporary workaround until the patch is applied, consider restricting use of the 'catlist' shortcode by users with contributor-level permissions.
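The fix class described above, as an added illustration that is not the plugin's own code (the real handler lives in lcp-wrapper.php per the references): a hypothetical shortcode callback that whitelists its attributes, coerces numeric ones, and escapes every user-supplied value in the context where it is emitted. The shortcode name `demo_catlist` and the attribute names are assumptions for the example.

```php
<?php
// Hypothetical illustration, not the List Category Posts plugin's code.
// Contributors can place shortcodes in posts, so every attribute reaching a
// shortcode handler is untrusted input and must be validated and escaped.

// Weak pattern (the bug class described above): attribute values are
// concatenated straight into HTML, so a crafted value becomes markup.
//   return '<div class="' . $atts['class'] . '">' . $atts['title'] . '</div>';

function demo_catlist_shortcode( $atts ) {
    // Whitelist accepted attributes and give each a safe default.
    $atts = shortcode_atts(
        array(
            'id'          => 0,
            'title'       => '',
            'class'       => 'lcp_catlist',
            'numberposts' => 10,
        ),
        $atts,
        'demo_catlist'
    );

    // Numeric attributes: coerce to integers, never interpolate raw strings.
    $cat_id = absint( $atts['id'] );
    $limit  = max( 1, absint( $atts['numberposts'] ) );

    // Free-text attributes: sanitize on input, escape again on output.
    $title = sanitize_text_field( $atts['title'] );
    $class = sanitize_html_class( $atts['class'], 'lcp_catlist' );

    $posts = get_posts( array( 'category' => $cat_id, 'numberposts' => $limit ) );

    // Each dynamic value goes through the escaper for its output context:
    // esc_attr() inside attributes, esc_html() in text, esc_url() in href.
    $out = '<div class="' . esc_attr( $class ) . '">';
    if ( '' !== $title ) {
        $out .= '<h3>' . esc_html( $title ) . '</h3>';
    }
    $out .= '<ul>';
    foreach ( $posts as $post ) {
        $out .= '<li><a href="' . esc_url( get_permalink( $post ) ) . '">'
              . esc_html( get_the_title( $post ) ) . '</a></li>';
    }
    $out .= '</ul></div>';
    return $out;
}
add_shortcode( 'demo_catlist', 'demo_catlist_shortcode' );
```

The same rule applies to post titles and other stored data pulled in by the shortcode: escape at the point of output, not only on save.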
References (10)
- https://osv.dev/vulnerability/CVE-2023-6994 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-6994 · Security Note
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018689%40list-category-posts&new=3018689%40list-category-posts&sfp_email=&sfph_mail= · Patch
- https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-wrapper.php · Note
- https://twitter.com/CVEnew/status/1745368088638325062 · Twitter Post
- https://wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=cve · Note
- https://t.me/cvenotify/67804 · Telegram Post
- https://plugins.svn.wordpress.org/list-category-posts/trunk/list-category-posts.php · Note
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6994 · Note
- https://twitter.com/VulmonFeeds/status/1745409961348256072 · Twitter Post