3 matches found
CVE-2023-4250
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-4250
The CVE-2023-4250 entry concerns the EventPrime WordPress plugin, affected in versions prior to 3.2.0. The root cause is failure to sanitise and escape certain parameters before echoing them in the page, causing a Reflected Cross-Site Scripting (XSS) vulnerability. Impact is described as enabling...
WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4250 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ec5f591b9a22 Credits Miguel Santareno Required...