5 matches found
CVE-2023-23821
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marcin Pietrzak Interactive Polish Map plugin = 1.2 versions...
CVE-2023-23821
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marcin Pietrzak Interactive Polish Map plugin = 1.2 versions...
CVE-2023-23821
The CVE-2023-23821 entry concerns the WordPress plugin Interactive Polish Map. Affected versions are 1.2 and earlier, with a Stored XSS vulnerability that requires admin+ privileges to exploit. The root cause is inadequate sanitization/escaping of settings, enabling stored cross-site scripting by...
CVE-2023-23821 WordPress Interactive Polish Map Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Marcin Pietrzak Interactive Polish Map plugin = 1.2 versions...
Interactive Polish Map < 1.2.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...