Lucene search
+L

4 matches found

Circl
Circl
added 2023/12/17 9:6 a.m.8 views

CVE-2023-5738

creationtimestamp| type| source ---|---|--- 2023-12-17 09:06:36+00:00| seen| https://t.me/ctinow/155542...

5.4CVSS6.6AI score0.00426EPSS
Exploits2References1
CVE
CVE
added 2023/11/27 4:22 p.m.67 views

CVE-2023-5738

CVE-2023-5738 affects WordPress Backup & Migration (plugin up to v1.4.4). Root cause: failure to sanitise/escape certain parameters, enabling Cross-Site Scripting by a Subscriber+ user; confirmed stored XSS path via admin-ajax. Patch availability: fixed in v1.4.5; mitigate by upgrading to 1.4.5 o...

5.4CVSS5.5AI score0.00426EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/11/27 4:22 p.m.48 views

CVE-2023-5738 WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks...

5.5AI score0.00426EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/11/08 12:0 a.m.15 views

WordPress WordPress Backup & Migration Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Backup & Migration Type Plugin Vulnerable versions 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5738 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b9d4e9b2aa2 Credits Krzyszt...

5.4CVSS5.6AI score0.00426EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder