Lucene search
PRIOn knowledge basePRION:CVE-2023-3369HistoryJul 12, 2023 - 5:15 a.m.
Cross site scripting
2023-07-1205:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
about me 3000 plugin
cross-site scripting
stored
vulnerable
admin settings
input sanitization
output escaping
authenticated attackers
arbitrary web scripts
multi-site installations
unfiltered html disabled
nvd
0.001 Low
EPSS
Percentile
27.6%
The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| about_me_3000 | le | 2.2.6 |
Related
cve
cve
CVE-2023-3369
2023-07-12 05:15:10
cvelist
cvelist
CVE-2023-3369
2023-07-12 04:38:48
wpvulndb
wpvulndb
About Me 3000 widget <= 2.2.6 - Administrator Stored Cross-Site Scripting
2023-06-22 00:00:00
nvd
nvd
CVE-2023-3369
2023-07-12 05:15:10
wordfence
wordfence