5 matches found
CVE-2023-4022
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Herd Effects Plugin < 5.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Herd Effects Type Plugin Vulnerable versions 5.2.3 Fixed in 5.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4022 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fe54b6fbdb79 Credits Bob Matyas Required privilege...
CVE-2023-4022 Herd Effects < 5.2.3 - Admin+ Stored XSS
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4022 Herd Effects < 5.2.3 - Admin+ Stored XSS
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4022
The CVE-2023-4022 entry describes a Stored XSS vulnerability in the WordPress plugin Herd Effects, versions prior to 5.2.3. The issue arises because the plugin does not sanitize and escape certain settings, potentially allowing an administrator (high-privilege user) to inject scripts even when un...