4 matches found
CVE-2023-0894
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS
The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2023-0894
CVE-2023-0894 affects The Pickup | Delivery | Dine-in date time WordPress plugin up to version 1.0.9. The vulnerability stems from insufficient sanitisation/escaping of certain settings, allowing Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multi...
WordPress Pickup | Delivery | Dine-in date time Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Pickup | Delivery | Dine-in date time Type Plugin Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0894 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b34002e286cc Credits Sajj...