Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.8 views

CVE-2023-6067

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4CVSS5.9AI score0.0042EPSS
Exploits2References1
NVD
NVD
added 2024/04/15 5:15 a.m.20 views

CVE-2023-6067

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4CVSS5.6AI score0.0042EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/15 5:0 a.m.25 views

CVE-2023-6067 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.8AI score0.0042EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.13 views

CVE-2023-6067 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.8AI score0.0042EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/04/15 12:0 a.m.14 views

WordPress WP User Profile Avatar Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP User Profile Avatar Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6067 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 73f7395294a7 Credits Dmitrii Ignatyev...

5.4CVSS5.7AI score0.0042EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder