CVE-2023-0604

The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-0604

CVE-2023-0604 : The WP Food Manager WordPress plugin (versions before 1.0.4) does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The evidence from connected advisories confirms the vulnera...

WordPress WP Food Manager Plugin < 1.0.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Food Manager Type Plugin Vulnerable versions 1.0.4 Fixed in 1.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 80c244e4b184 Credits Nithissh Sathish Required...

WP Food Manager < 1.0.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Food manager Add Food" and a...

WordPress plugin WP Food Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...