Lucene search
K

4 matches found

CVE
CVE
added 2023/08/14 7:10 p.m.70 views

CVE-2023-2606

The CVE refers to WP Brutal AI, a WordPress plugin, with versions before 2.06 vulnerable to Stored XSS due to incomplete sanitisation/escaping of settings. Affected: WP Brutal AI plugin for WordPress; root cause: improper sanitisation/escaping of settings; impact: stored XSS that could be exploit...

4.8CVSS4.9AI score0.01973EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2023/08/14 7:10 p.m.28 views

CVE-2023-2606 WP Brutal AI < 2.06 - Admin+ Stored XSS

The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.01973EPSS
Exploits3References1
Patchstack
Patchstack
added 2023/07/27 12:0 a.m.18 views

WordPress WP Brutal AI Plugin < 2.06 is vulnerable to Cross Site Scripting (XSS)

Software WP Brutal AI Type Plugin Vulnerable versions 2.06 Fixed in 2.06 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2606 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 658179337e78 Credits Taurus Omar Required privilege...

4.8CVSS6AI score0.01973EPSS
Exploits3References3Affected Software1
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.419 views

WordPress WP Brutal AI Cross Site Scripting

Tittle: WordPress Plugin WP Brutal AI " 3. Save the changes to trigger XSS. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f...

7.1AI score0.01973EPSS
Exploits3
Rows per page
Query Builder