Lucene search
WPScanCVELIST:CVE-2023-6037HistoryJan 01, 2024 - 2:18 p.m.
CVE-2023-6037 WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
2024-01-0114:18:57
WPScan
www.cve.org
1
vulnerability
wordpress plugin
stored xss
admin privilege
unfiltered_html disallowed
security
0.0004 Low
EPSS
Percentile
14.2%
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP TripAdvisor Review Slider",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "11.9"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
2023-12-11 00:00:00
nvd
nvd
CVE-2023-6037
2024-01-01 15:15:43
cve
cve
CVE-2023-6037
2024-01-01 15:15:43
prion
prion
Cross site scripting
2024-01-01 15:15:00
wpexploit
wpexploit
WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
2023-12-11 00:00:00