5 matches found
CVE-2023-2223
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2223
The CVE-2023-2223 entry concerns the WordPress plugin Login Rebuilder prior to version 2.8.1, which does not sanitize/escape certain settings. This allows high-privilege users (e.g., admins) to perform a Stored XSS, even when unfiltered_html is disallowed (such as in multisite). The root cause is...
CVE-2023-2223 Login Rebuilder < 2.8.1 - Admin+ Stored XSS
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2223 Login Rebuilder < 2.8.1 - Admin+ Stored XSS
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Login Rebuilder Plugin < 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Login Rebuilder Type Plugin Vulnerable versions 2.8.1 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2223 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b98403680c8c Credits Taurus Omar Required...