3 matches found
CVE-2023-1413
The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1413
CVE-2023-1413 concerns the WP VR WordPress plugin prior to version 8.2.9. The vulnerability is a reflected Cross-Site Scripting (XSS) caused by insufficient sanitisation/escaping of parameters before echoing them on output. This could be exploited against high-privilege users such as admins. Acco...
WordPress WP VR Plugin < 8.2.9 is vulnerable to Cross Site Scripting (XSS)
Software WP VR Type Plugin Vulnerable versions 8.2.9 Fixed in 8.2.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1413 Patch priority High CVSS severity High 7.1 Developer WPFunnels Team PSID f109d593f865 Credits Erwan LR WPScan Required privilege...