6 matches found
CVE-2023-2995
creationtimestamp | type | source
---|---|---
2023-09-20 00:29:37+00:00 | seen | https://t.me/cibsecurity/70752...
CVE-2023-2995
The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2995 Leyka < 3.30.4 - Admin+ Stored XSS
The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2995 Leyka < 3.30.4 - Admin+ Stored XSS
The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2995
The CVE reports a stored XSS vulnerability in the Leyka WordPress plugin, affecting versions prior to 3.30.4. Root cause: the plugin does not adequately sanitize and escape certain settings, enabling high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is disabl...
WordPress Leyka Plugin <= 3.30.3 is vulnerable to Cross Site Scripting (XSS)
Field | Value
---|---
Software | Leyka
Type | Plugin
Vulnerable versions | <= 3.30.3
Fixed in | 3.30.4
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2023-2995
Patch priority | Low
CVSS severity | Low (4.4)
PSID | 55473173d1a6
Credits | An Dang
Required privilege | ...