4 matches found
CVE-2023-28174
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in eLightUp eRocket plugin = 1.2.4 versions...
CVE-2023-28174 WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in eLightUp eRocket plugin = 1.2.4 versions...
CVE-2023-28174
CVE-2023-28174 : Stored XSS in the WordPress plugin eRocket (eLightUp) up to version 1.2.4. Exploitation requires admin-level privileges. Root cause is a stored XSS in eRocket’s admin-exposed context. Version 1.2.5 fixes the issue. Remediation: upgrade to 1.2.5 or later; PatchStack confirms fixed...
WordPress eRocket Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software eRocket Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28174 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d06bf93b9bef Credits Yuki Haruma Required privilege...