PT-2024-15206 · WordPress · Voting Record

Daniel Ruf

Published

2024-01-16

Updated

2024-01-19

CVE-2023-7084

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Voting Record WordPress plugin versions 2.0 and earlier

Description The issue is related to missing sanitisation and escaping in the Voting Record WordPress plugin, which could allow any authenticated users, such as subscribers, to perform Stored XSS attacks.

Recommendations For versions 2.0 and earlier, update to a version that includes proper sanitisation and escaping to prevent Stored XSS attacks. As a temporary workaround, consider restricting access to authenticated users to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-7084

Affected Products

Voting Record

PT-2024-15206 · WordPress · Voting Record

CVE-2023-7084

Weakness Enumeration

Related Identifiers

Affected Products

References · 6