Lucene search
+L

4 matches found

NVD
NVD
added 2023/06/19 11:15 a.m.21 views

CVE-2023-2600

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.0047EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/19 10:52 a.m.6 views

CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8AI score0.0047EPSS
Exploits1References1
CVE
CVE
added 2023/06/19 10:52 a.m.41 views

CVE-2023-2600

CVE-2023-2600 concerns the WordPress plugin Custom Base Terms prior to version 1.0.3, where certain settings aren’t sanitized or escaped. This can enable stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The NVD entry assigns CVSS 3.1: AV...

4.8CVSS4.8AI score0.0047EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/05/11 12:0 a.m.12 views

WordPress Custom Base Terms Plugin <= 1.0.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Custom Base Terms Type Plugin Vulnerable versions = 1.0.2.3 Fixed in 1.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a97ca0c054e Credits Aymane Mazguiti...

4.8CVSS5.8AI score0.0047EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder