Lucene search
WpvulndbWPVDB-ID:4233ABC7-55A9-47CF-A735-D9E35BC83D39HistorySep 06, 2023 - 12:00 a.m.
WRC Pricing Tables < 2.3.9 - Admin+ Stored XSS
2023-09-0600:00:00
wpscan.com
4
plugin validation escape parameters users admin role stored cross-site scripting attacks unfiltered_html capability multisite setup
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.3.9 |
Related
nvd
nvd
CVE-2023-38517
2023-09-03 12:15:42
cvelist
cvelist
cve
cve
CVE-2023-38517
2023-09-03 12:15:42
prion
prion
Cross site scripting
2023-09-03 12:15:00
wordfence
wordfence
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.1%
Related for WPVDB-ID:4233ABC7-55A9-47CF-A735-D9E35BC83D39