3 matches found
WordPress Simple Download Counter Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software Simple Download Counter Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4838 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a3fef251b40f Credits NGÔ THIÊN AN ancor...
CVE-2023-4838
The CVE-2023-4838 entry concerns the WordPress Simple Download Counter plugin. Affected: versions up to and including 1.6. Root cause: insufficient input sanitization and output escaping on shortcode attributes (e.g., before and after). Impact: stored cross-site scripting that authenticated users...
CVE-2023-4838
The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible...