3 matches found
CVE-2023-2113 Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import
The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...
CVE-2023-2113
Summary: CVE-2023-2113 affects the Autoptimize WordPress plugin prior to 3.1.7. The vulnerability arises from failing to sanitize and escape settings imported from a previous export, enabling a high-privilege user (e.g., an administrator) to inject arbitrary JavaScript into the admin panel (store...
WordPress Autoptimize Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Autoptimize Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 45f6a5c2bef1 Credits Juampa Rodríguez Required...