5 matches found
CVE-2023-2835
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-2835
creationtimestamp| type| source ---|---|--- 2023-06-02 12:40:12+00:00| seen| https://t.me/cibsecurity/64876...
CVE-2023-2835
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-2835 WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search'
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2023-2835
WP Directory Kit for WordPress is affected by a Reflected XSS in the search parameter up to version 1.2.3 due to insufficient input sanitization/escaping. Exploitation requires user interaction (e.g., clicking a link). Patch 1.2.4 fixes this issue; update to 1.2.4+ or apply mitigations as describ...