EUVD-2023-57577

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

FareHarbor plugin for WordPress allows Stored Cross-Site Scripting due to inadequate input sanitization.

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress Plugin FareHarbor Cross-Site Scripting Vulnerability	30 Oct 202300:00	–	cnnvd
CVE	CVE-2023-5252	30 Oct 202313:48	–	cve
Cvelist	CVE-2023-5252 FareHarbor for WordPress <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	30 Oct 202313:48	–	cvelist
NVD	CVE-2023-5252	30 Oct 202314:15	–	nvd
Patchstack	WordPress FareHarbor for WordPress Plugin <= 3.6.7 is vulnerable to Cross Site Scripting (XSS)	30 Oct 202300:00	–	patchstack
Prion	Cross site scripting	30 Oct 202314:15	–	prion
Positive Technologies	PT-2023-31976 · WordPress · Fareharbor	30 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-5252	23 May 202504:31	–	redhatcve
Vulnrichment	CVE-2023-5252 FareHarbor for WordPress <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	30 Oct 202313:48	–	vulnrichment
Wordfence Blog	Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting	12 Dec 202317:18	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "f50a0578-6f8e-3d97-ae79-44758faacbbb",
        "vendor": {
          "name": "FareHarbor"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "e7f2cadd-e788-39b3-a516-6969aee39abe",
        "product": {
          "name": "FareHarbor for WordPress"
        },
        "product_version": "* ≤3.6.7"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7
plugins	www.plugins.trac.wordpress.org/browser/fareharbor/tags/3.6.7/fareharbor.php

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.15.4 - 6.4

EPSS0.00118

SSVC