Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.17 views

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

6.1CVSS6.8AI score0.00219EPSS
Exploits1
OSV
OSV
added 2024/01/08 7:15 p.m.6 views

CVE-2023-6529

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

6.1CVSS5.8AI score0.00219EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/01/08 7:0 p.m.32 views

CVE-2023-6529 WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admininit, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities...

6.5AI score0.00219EPSS
Exploits1References1
CVE
CVE
added 2024/01/08 7:0 p.m.47 views

CVE-2023-6529

Affected product: WP VR WordPress plugin before version 8.3.15. Root cause: missing authorization and CSRF protection in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin. Impact: can lead to reflected or stored XSS (as noted in multiple sources). Exploitatio...

6.1CVSS6.3AI score0.00219EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder