3 matches found
CVE-2023-3492
CVE-2023-3492 affects the WP Shopping Pages WordPress plugin up to version 1.14. The vulnerability arises from missing CSRF checks, insufficient sanitisation and escaping, enabling an authenticated attacker to trigger a Stored XSS payload in a logged-in admin account via CSRF. The connected Red H...
CVE-2023-3492 WP Shopping Pages <= 1.14 - Stored XSS via CSRF
The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress WP Shopping Pages Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)
Software WP Shopping Pages Type Plugin Vulnerable versions = 1.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3492 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 898c5bf8d8e1 Credits Katharina Altmann...