3 matches found
CVE-2023-1025
CVE-2023-1025 concerns the WordPress plugin Simple File List prior to version 6.0.10. The issue arises from insufficient sanitisation and escaping of certain settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as...
CVE-2023-1025 Simple File List < 6.0.10 - Admin+ Stored XSS
The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Simple File List Plugin < 6.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Simple File List Type Plugin Vulnerable versions 6.0.10 Fixed in 6.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1025 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4dbc0bed323f Credits Shreya Pohekar Required...