Cross site scripting

2023-04-1713:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

plugin

xss

vulnerability

high privilege users

nvd

0.001 Low

EPSS

Percentile

31.2%

JSON

The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CPENameOperatorVersion
wp_vrlt8.2.9

CPE	Name	Operator	Version
	wp_vr	lt	8.2.9

References

wpscan.com/vulnerability/6938fee5-3510-45e6-8112-c9e2b30f6881

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for PRION:CVE-2023-1413