Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:13 a.m.13 views

CVE-2023-4022

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00402EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/09/12 12:0 a.m.13 views

WordPress Herd Effects Plugin < 5.2.3 is vulnerable to Cross Site Scripting (XSS)

Software Herd Effects Type Plugin Vulnerable versions 5.2.3 Fixed in 5.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4022 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID fe54b6fbdb79 Credits Bob Matyas Required privilege...

4.8CVSS6AI score0.00402EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/11 7:46 p.m.9 views

CVE-2023-4022 Herd Effects < 5.2.3 - Admin+ Stored XSS

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00402EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/09/11 7:46 p.m.30 views

CVE-2023-4022 Herd Effects < 5.2.3 - Admin+ Stored XSS

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2023/09/11 7:46 p.m.43 views

CVE-2023-4022

The CVE-2023-4022 entry describes a Stored XSS vulnerability in the WordPress plugin Herd Effects, versions prior to 5.2.3. The issue arises because the plugin does not sanitize and escape certain settings, potentially allowing an administrator (high-privilege user) to inject scripts even when un...

4.8CVSS4.7AI score0.00402EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder