Lucene search
PRIOn knowledge basePRION:CVE-2023-6163HistoryJan 15, 2024 - 4:15 p.m.
Cross site scripting
2024-01-1516:15:00
PRIOn knowledge base
www.prio-n.com
4
cross site scripting
stored cross-site scripting
wordpress plugin
settings sanitization
high privilege users
admin
unfiltered_html capability
multisite setup
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| wp_crowdfunding | lt | 2.1.10 |
Related
wpexploit
wpexploit
WP Crowdfunding < 2.1.10 - Admin+ Stored XSS
2023-12-22 00:00:00
cvelist
cvelist
CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS
2024-01-15 15:10:41
wpvulndb
wpvulndb
WP Crowdfunding < 2.1.10 - Admin+ Stored XSS
2023-12-22 00:00:00
nvd
nvd
CVE-2023-6163
2024-01-15 16:15:12
cve
cve
CVE-2023-6163
2024-01-15 16:15:12