4 matches found
CVE-2023-2795
The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2795 CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting
The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2795
CVE-2023-2795 affects CodeColorer WordPress plugin versions before 0.10.1. The issue stems from unsanitized/unescaped settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (multisite scenarios). The vulnerability is addressed by upgrading to ...
WordPress CodeColorer Plugin <= 0.10.0 is vulnerable to Cross Site Scripting (XSS)
Software CodeColorer Type Plugin Vulnerable versions = 0.10.0 Fixed in 0.10.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2795 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f0463614e8e4 Credits Ilyase Dehy Required...