4 matches found
WordPress Restrict Usernames Emails Characters Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Restrict Usernames Emails Characters Type Plugin Vulnerable versions 3.1.4 Fixed in 3.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6165 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c5a313dd81c Credits Yuhan...
CVE-2023-6165
The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-6165 Restrict Usernames Emails Characters Plugin < 3.1.4 - Admin+ Stored XSS
The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2023-6165
The CVE-2023-6165 entry concerns the WordPress plugin Restrict Usernames Emails Characters, affected up to version 3.1.3. The Red Hat and CVE ecosystem entries confirm the root cause: insufficient sanitization/escaping of certain plugin settings, enabling high-privilege users (e.g., admins) to tr...