3 matches found
CVE-2023-4471
The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the startdate and enddate parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-4471
The Order Tracking Pro WordPress plugin is vulnerable to Reflected Cross-Site Scripting via start_date and end_date in versions up to 3.3.6 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pages executed when a user is tr...
WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)
Software Order Tracking Type Plugin Vulnerable versions = 3.3.6 Fixed in 3.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29d4142f0f03 Credits Marco Wotschka...