Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:52 a.m.14 views

CVE-2023-2578

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00474EPSS
Exploits1References1
OSV
OSV
added 2023/07/10 4:15 p.m.6 views

CVE-2023-2578

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00474EPSS
Exploits1References1
CVE
CVE
added 2023/07/10 12:40 p.m.40 views

CVE-2023-2578

The CVE-2023-2578 entry concerns the WordPress plugin Buy Me a Coffee (pre-3.7). The issue is due to insufficient sanitization/escaping of certain settings, enabling Stored XSS for high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Impact is descri...

4.8CVSS4.9AI score0.00474EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/07/10 12:40 p.m.36 views

CVE-2023-2578 Buy Me a Coffee < 3.7 - Admin+ Stored XSS

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00474EPSS
Exploits1References1
Rows per page
Query Builder