Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:46 a.m.8 views

CVE-2023-3130

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00497EPSS
Exploits2References1
Circl
Circl
added 2023/07/31 2:37 p.m.8 views

CVE-2023-3130

creationtimestamp| type| source ---|---|--- 2023-07-31 14:37:41+00:00| seen| https://t.me/cibsecurity/67444...

4.8CVSS6.3AI score0.00497EPSS
Exploits2References1
NVD
NVD
added 2023/07/31 10:15 a.m.27 views

CVE-2023-3130

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00497EPSS
Exploits2References1
CVE
CVE
added 2023/07/31 9:37 a.m.63 views

CVE-2023-3130

CVE-2023-3130 affects the Short URL WordPress plugin prior to version 1.6.5. The vulnerability arises because the plugin does not adequately sanitise and escape certain settings, enabling a high-privilege user (e.g., an administrator) to perform Stored Cross-Site Scripting (XSS). This can occur e...

4.8CVSS4.9AI score0.00497EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/07/12 12:0 a.m.13 views

WordPress Short URL Plugin < 1.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Short URL Type Plugin Vulnerable versions 1.6.5 Fixed in 1.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3130 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9ca4df5fae13 Credits Bob Matyas Required privilege...

4.8CVSS5.7AI score0.00497EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder