5 matches found
WordPress Go Pricing Plugin < 3.4 is vulnerable to Cross Site Scripting (XSS)
Software Go Pricing Type Plugin Vulnerable versions 3.4 Fixed in 3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2498 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 27531616264d Credits Lana Codes Required privilege...
CVE-2023-2498
creationtimestamp| type| source ---|---|--- 2023-05-24 07:26:46+00:00| seen| https://t.me/cibsecurity/64666...
CVE-2023-2498
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inje...
CVE-2023-2498 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inje...
CVE-2023-2498
CVE-2023-2498 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress. A stored XSS via shortcodes exists in versions up to and including 3.3.19 due to insufficient input sanitization and output escaping, enabling contributed-level attackers to inject scripts on pages vi...