2 matches found
WordPress ConvertKit Plugin < 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software ConvertKit Type Plugin Vulnerable versions 2.2.1 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2337 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6af91863e6ee Credits Erwan LR WPScan Required...
CVE-2023-2337
The CVE-2023-2337 issue affects the ConvertKit WordPress plugin prior to version 2.2.1. It is caused by not escaping a parameter before outputting it back in an HTML attribute, resulting in a Reflected Cross-Site Scripting vulnerability that could impact high-privilege users (e.g., admins). Publi...