Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:49 a.m.6 views

CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

4.8CVSS5.5AI score0.00442EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/08/16 11:3 a.m.22 views

CVE-2023-2254 Ko-fi Button < 1.3.3 - Admin+ Stored XSS

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

5AI score0.00442EPSS
Exploits2References1
CVE
CVE
added 2023/08/16 11:3 a.m.48 views

CVE-2023-2254

CVE-2023-2254 affects the Ko-fi Button WordPress plugin prior to v1.3.3. Root cause: improper handling of plugin settings enables Admin+ Stored XSS, even if unfiltered_html is disabled. Impact is described as low risk (per several sources). The fix is to update to v1.3.3 or later (patched version...

4.8CVSS4.8AI score0.00442EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/05/03 12:0 a.m.12 views

WordPress Ko-fi Button Plugin < 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Ko-fi Button Type Plugin Vulnerable versions 1.3.3 Fixed in 1.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2254 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID af182fbd1aaa Credits Felipe Restrepo Rodriguez...

4.8CVSS5.7AI score0.00442EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder