Wpvulndb WPVDB-ID:573D8A21-5303-4632-8C39-ACB42D504135
Dec 07, 2023 - 12:00 a.m.

Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

2023-12-07 00:00:00
wpscan.com
6
wordpress
email address encoder
vulnerability
stored cross-site scripting
input sanitization
output escaping
contributor level
permissions

AI Score: 5.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.0%)

Description

The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s eae_shortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the ‘link’ user-supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
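The two controls the description names, input sanitization and output escaping, applied to a shortcode attribute, as an added example that is not the plugin's code. The shortcode name `demo_mail`, the function names and the scheme allow-list are hypothetical, and the example assumes the `link` value is emitted as an anchor's `href`.

```php
<?php
// Added example, not the plugin's code. The shortcode name, function names and
// scheme allow-list are hypothetical; it assumes `link` is emitted as an href.
// Unsafe pattern for contrast (attribute and body reach the page unescaped):
//   return '<a href="' . $atts['link'] . '">' . $content . '</a>';

const DEMO_ALLOWED_SCHEMES = array( 'mailto', 'tel', 'http', 'https' );

// Input validation: return the link only if its scheme is allow-listed.
function demo_safe_link( $raw ) {
    $link = trim( (string) $raw );
    // Reject whitespace and control characters instead of trying to repair them.
    if ( '' === $link || preg_match( '/[\x00-\x20\x7f]/', $link ) ) {
        return '';
    }
    $scheme = strtolower( (string) parse_url( $link, PHP_URL_SCHEME ) );
    return in_array( $scheme, DEMO_ALLOWED_SCHEMES, true ) ? $link : '';
}

// Output escaping for HTML text and quoted attribute values.
function demo_escape( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' );
}

// Shortcode callback: validate on input, escape again at the point of output.
function demo_mail_shortcode( $atts, $content = '' ) {
    $atts = is_array( $atts ) ? $atts : array();
    $link = demo_safe_link( $atts['link'] ?? '' );
    $text = demo_escape( $content );
    if ( '' === $link ) {
        return $text; // No acceptable link: render escaped text only.
    }
    return sprintf( '<a href="%s">%s</a>', demo_escape( $link ), $text );
}

if ( function_exists( 'add_shortcode' ) ) {
    // Inside WordPress, esc_url() and esc_html() would replace the helpers above.
    add_shortcode( 'demo_mail', 'demo_mail_shortcode' );
} else {
    // Stand-alone run over constructed attribute values.
    $samples = array( 'mailto:user@example.com', 'javascript:void(0)', 'mailto:user@example.com"x' );
    foreach ( $samples as $sample ) {
        echo demo_mail_shortcode( array( 'link' => $sample ), 'Contact <us>' ), PHP_EOL;
    }
}
```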

CPE | Name | Operator | Version
 |  | eq | 1.0.23
