4 matches found
CVE-2023-2606
The CVE refers to WP Brutal AI, a WordPress plugin, with versions before 2.06 vulnerable to Stored XSS due to incomplete sanitisation/escaping of settings. Affected: WP Brutal AI plugin for WordPress; root cause: improper sanitisation/escaping of settings; impact: stored XSS that could be exploit...
CVE-2023-2606 WP Brutal AI < 2.06 - Admin+ Stored XSS
The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress WP Brutal AI Plugin < 2.06 is vulnerable to Cross Site Scripting (XSS)
Software WP Brutal AI Type Plugin Vulnerable versions 2.06 Fixed in 2.06 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 658179337e78 Credits Taurus Omar Required privilege...
WordPress WP Brutal AI Cross Site Scripting
Tittle: WordPress Plugin WP Brutal AI " 3. Save the changes to trigger XSS. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f...