5 matches found
WordPress File Upload Cross Site Scripting
Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "Fil...
WordPress File Upload Plugin < 4.23.3 - Stored XSS Vulnerability
Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "File Upload Plugin":...
WordPress File Upload Plugin < 4.23.3 - Stored XSS
Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "Fil...
WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)
Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...
CVE-2023-4811 WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting
The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks...