4 matches found
CVE-2023-2254
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS
The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...
CVE-2023-2254
CVE-2023-2254 affects the Ko-fi Button WordPress plugin prior to v1.3.3. Root cause: improper handling of plugin settings enables Admin+ Stored XSS, even if unfiltered_html is disabled. Impact is described as low risk (per several sources). The fix is to update to v1.3.3 or later (patched version...
WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Ko-fi Button Type Plugin Vulnerable versions 1.3.3 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af182fbd1aaa Credits Felipe Restrepo Rodriguez...