3 matches found
CVE-2023-5135 Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5135
CVE-2023-5135 concerns the WordPress plugin “Simple Cloudflare Turnstile.” A stored XSS flaw exists in versions up to and including 1.23.1 due to insufficient input sanitization and output escaping on user-supplied attributes in the gravity-simple-turnstile shortcode. Exploitation requires an aut...
WordPress Simple Cloudflare Turnstile Plugin <= 1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software Simple Cloudflare Turnstile Type Plugin Vulnerable versions = 1.23.1 Fixed in 1.23.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5135 Patch priority Low CVSS severity Low 6.5 Developer RelyWP PSID 89023cff61f7 Credits Lana Codes Required...