5 matches found
CVE-2023-3130
The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3130
creationtimestamp| type| source ---|---|--- 2023-07-31 14:37:41+00:00| seen| https://t.me/cibsecurity/67444...
CVE-2023-3130
The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3130
CVE-2023-3130 affects the Short URL WordPress plugin prior to version 1.6.5. The vulnerability arises because the plugin does not adequately sanitise and escape certain settings, enabling a high-privilege user (e.g., an administrator) to perform Stored Cross-Site Scripting (XSS). This can occur e...
WordPress Short URL Plugin < 1.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Short URL Type Plugin Vulnerable versions 1.6.5 Fixed in 1.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3130 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9ca4df5fae13 Credits Bob Matyas Required privilege...