CVE-2023-0230

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0230

creationtimestamp| type| source ---|---|--- 2025-03-10 19:39:13+00:00| seen| Telegram/eHcNNX90pzgaP9bHeKVQ0hUNDRdBdsZotGNHRZSewU2GXJF...

WordPress VK All in One Expansion Unit Plugin < 9.86.0.0 is vulnerable to Cross Site Scripting (XSS)

Software VK All in One Expansion Unit Type Plugin Vulnerable versions 9.86.0.0 Fixed in 9.86.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0230 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ada9adbd1470 Credits...

CVE-2023-0230

The CVE-2023-0230 entry pertains to the VK All in One Expansion Unit WordPress plugin prior to version 9.86.0.0, which does not validate or escape certain block options when output in an embedded block, enabling Stored XSS for users with the contributor role or higher. Information from multiple c...

CVE-2023-0230 VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...