PT-2025-21383 · WordPress · The Illi Link Party!
Bob Matyas · Published 2025-05-15 · Updated 2025-05-16 · CVE-2023-7228
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
The illi Link Party! WordPress plugin version 1.0
Description:
The issue allows unauthenticated visitors to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters.
Recommendations:
For The illi Link Party! WordPress plugin version 1.0, update to a version that properly sanitises and escapes parameters to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to sensitive areas of the website to minimise the risk of exploitation.
Exploit · Fix · XSS
Affected Products:
The Illi Link Party!