cvelist | WPScan | CVELIST:CVE-2023-0389
History: Jan 16, 2024 - 3:56 p.m.

CVE-2023-0389 Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

2024-01-16 15:56:07
WPScan
www.cve.org
wordpress plugin
stored cross-site scripting
security vulnerability
admin privilege

EPSS: 0.0004 (Low)
Percentile: 14.2%

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Calculated Fields Form",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.1.151"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
