Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.14 views

CVE-2023-2795

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00442EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.30 views

CVE-2023-2795 CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00442EPSS
Exploits2References1
CVE
CVE
added 2023/06/27 1:17 p.m.52 views

CVE-2023-2795

CVE-2023-2795 affects CodeColorer WordPress plugin versions before 0.10.1. The issue stems from unsanitized/unescaped settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (multisite scenarios). The vulnerability is addressed by upgrading to ...

4.8CVSS4.7AI score0.00442EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/06/05 12:0 a.m.13 views

WordPress CodeColorer Plugin <= 0.10.0 is vulnerable to Cross Site Scripting (XSS)

Software CodeColorer Type Plugin Vulnerable versions = 0.10.0 Fixed in 0.10.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2795 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f0463614e8e4 Credits Ilyase Dehy Required...

4.8CVSS6AI score0.00442EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder