Lucene search

K
cvelistWPScanCVELIST:CVE-2023-0589
HistoryMar 27, 2023 - 3:37 p.m.

CVE-2023-0589 WP Image Carousel <= 1.0.2 - Contributor+ Stored XSS

2023-03-2715:37:39
WPScan
www.cve.org
cve-2023-0589
wordpress
plugin
sanitise
escape
parameters
cross-site scripting

0.001 Low

EPSS

Percentile

23.3%

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Image Carousel",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

0.001 Low

EPSS

Percentile

23.3%

Related for CVELIST:CVE-2023-0589