Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.7 views

CVE-2023-5560

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...

6.1CVSS6.2AI score0.0051EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/11/27 4:22 p.m.8 views

CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...

6.2AI score0.0051EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/11/27 4:22 p.m.31 views

CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...

6.3AI score0.0051EPSS
Exploits2References1
CVE
CVE
added 2023/11/27 4:22 p.m.58 views

CVE-2023-5560

The CVE-2023-5560 entry concerns the WP-UserOnline WordPress plugin (versions prior to 2.88.3). The root cause is failure to sanitize and escape the X-Forwarded-For header when its content is output on a page, enabling unauthenticated users to perform a Stored Cross-Site Scripting (XSS) attack. D...

6.1CVSS6.1AI score0.0051EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder