2 matches found
CVE-2023-5292
The CVE-2023-5292 entry concerns the WordPress plugin Advanced Custom Fields: Extended, with stored XSS via the acfe_form shortcode in versions up to and including 0.8.9.3. The issue results from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticat...
WordPress Advanced Custom Fields: Extended Plugin <= 0.8.9.3 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields: Extended Type Plugin Vulnerable versions = 0.8.9.3 Fixed in 0.8.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5292 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID f97577760831 Credits...