Category Specific RSS feed Subscription < 2.3 - Admin+ Stored XSS

The plugin settings are not properly sanitized, allowing admins to execute Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed in a multisite setup.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2023-22685 WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS) | 12 May 2023 15:24 | – | cvelist |
Prion | Cross site scripting | 12 May 2023 16:15 | – | prion |
Vulnrichment | CVE-2023-22685 WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS) | 12 May 2023 15:24 | – | vulnrichment |
CVE | CVE-2023-22685 | 12 May 2023 16:15 | – | cve |
NVD | CVE-2023-22685 | 12 May 2023 16:15 | – | nvd |
Patchstack | WordPress Category Specific RSS feed Subscription Plugin <= v2.2 is vulnerable to Cross Site Scripting (XSS) | 19 Apr 2023 00:00 | – | patchstack |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to Apr 23, 2023) | 27 Apr 2023 12:16 | – | wordfence |