4 matches found
CVE-2023-5738
creationtimestamp| type| source ---|---|--- 2023-12-17 09:06:36+00:00| seen| https://t.me/ctinow/155542...
CVE-2023-5738
CVE-2023-5738 affects WordPress Backup & Migration (plugin up to v1.4.4). Root cause: failure to sanitise/escape certain parameters, enabling Cross-Site Scripting by a Subscriber+ user; confirmed stored XSS path via admin-ajax. Patch availability: fixed in v1.4.5; mitigate by upgrading to 1.4.5 o...
CVE-2023-5738 WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks...
WordPress WordPress Backup & Migration Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Backup & Migration Type Plugin Vulnerable versions 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5738 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 9b9d4e9b2aa2 Credits Krzyszt...