4 matches found
CVE-2023-5560
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-5560
The CVE-2023-5560 entry concerns the WP-UserOnline WordPress plugin (versions prior to 2.88.3). The root cause is failure to sanitize and escape the X-Forwarded-For header when its content is output on a page, enabling unauthenticated users to perform a Stored Cross-Site Scripting (XSS) attack. D...