Lucene search
CVE-2023-0937
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 is prone to Reflected XSS via an unescaped REQUEST_URI parameter
Show more
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS | 23 Feb 202300:00 | – | wpvulndb |
 | CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS | 20 Mar 202315:52 | – | vulnrichment |
 | Cross site scripting | 20 Mar 202316:15 | – | prion |
 | CVE-2023-0937 | 20 Mar 202316:15 | – | nvd |
 | VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS | 23 Feb 202300:00 | – | wpexploit |
 | CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS | 20 Mar 202315:52 | – | cvelist |
 | WordPress VK All in One Expansion Unit Plugin < 9.87.1.0 XSS Vulnerability | 16 Oct 202300:00 | – | openvas |
 | Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023) | 2 Mar 202314:49 | – | wordfence |
Node
[
{
"vendor": "Unknown",
"product": "VK All in One Expansion Unit",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "9.87.1.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| b | query param | /wp-admin/admin.php?page=vkExUnit_css_customize | Reflected Cross-Site Scripting vulnerability due to lack of escaping $_SERVER['REQUEST_URI'] in the output. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo20 Mar 2023 16:15Current
6.1Medium risk
Vulners AI Score6.1
CVSS36.1
EPSS0.00199
SSVC