Lucene search
+L

4 matches found

CVE
CVE
added 2023/06/19 10:52 a.m.78 views

CVE-2023-2684

CVE-2023-2684 affects the WordPress plugin File Renaming on Upload (before 2.5.2). Root cause: the plugin does not sanitize and escape certain settings, enabling stored cross-site scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Impact is...

4.8CVSS4.9AI score0.00442EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/19 10:52 a.m.11 views

CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00442EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/19 10:52 a.m.31 views

CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00442EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/06/19 12:0 a.m.9 views

WordPress File Renaming on Upload Plugin < 2.5.2 is vulnerable to Cross Site Scripting (XSS)

Software File Renaming on Upload Type Plugin Vulnerable versions 2.5.2 Fixed in 2.5.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2684 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 40dbdf1fdc55 Credits Hao Huynh My Le...

4.8CVSS5.7AI score0.00442EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder