Lucene search
WPScanCVELIST:CVE-2023-2320HistoryJul 04, 2023 - 7:23 a.m.
CVE-2023-2320 CF7 Google Sheets Connector < 5.0.2 - Reflected XSS
2023-07-0407:23:30
WPScan
www.cve.org
3
wordpress
plugin
xss
vulnerability
google sheets
EPSS
0.001
Percentile
29.5%
The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CNA Affected
[
{
"vendor": "Unknown",
"product": "CF7 Google Sheets Connector",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "5.0.2"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
},
{
"vendor": "Unknown",
"product": "cf7-google-sheets-connector-pro",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "5.0.2"
}
],
"defaultStatus": "affected"
}
]Related
prion
prion
Cross site scripting
2023-07-04 08:15:00
wpvulndb
wpvulndb
CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS
2023-06-12 00:00:00
nvd
nvd
CVE-2023-2320
2023-07-04 08:15:10
wpexploit
wpexploit
CF7 Google Sheets Connector (Free < 5.0.2, Pro < 2.3.7) - Reflected XSS
2023-06-12 00:00:00
cve
cve
CVE-2023-2320
2023-07-04 08:15:10
wordfence
wordfence