4 matches found
CVE-2023-2600
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2600
CVE-2023-2600 concerns the WordPress plugin Custom Base Terms prior to version 1.0.3, where certain settings aren’t sanitized or escaped. This can enable stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The NVD entry assigns CVSS 3.1: AV...
WordPress Custom Base Terms Plugin <= 1.0.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Custom Base Terms Type Plugin Vulnerable versions = 1.0.2.3 Fixed in 1.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a97ca0c054e Credits Aymane Mazguiti...