4 matches found
WordPress Klaviyo Plugin <= 3.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Klaviyo Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0874 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9cbb77409b1f Credits Rafshanzani Suhada Required...
CVE-2023-0874
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0874 Klaviyo <= 3.0.10 - Admin+ Stored XSS
The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0874
CVE-2023-0874 affects the Klaviyo WordPress plugin