Lucene search
WpvulndbWPVDB-ID:69C5324D-12CB-4E3A-8F56-E57E58881A0BHistoryJun 28, 2023 - 12:00 a.m.
Short URL < 1.6.5 - Admin+ Stored Cross-Site Scripting
2023-06-2800:00:00
wpscan.com
5
short url
plugin
v1.6.5
stored cross-site scripting
admin
settings
high-privilege
users
multisite
0.001 Low
EPSS
Percentile
31.9%
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
| CPE | Name | Operator | Version |
|---|---|---|---|
| shorten-url | lt | 1.6.5 |
Related
cve
cve
CVE-2023-1602
2023-06-29 02:15:15
prion
prion
Cross site scripting
2023-06-29 02:15:00
nvd
nvd
CVE-2023-1602
2023-06-29 02:15:15
cvelist
cvelist
CVE-2023-1602
2023-06-29 01:56:56
wordfence
wordfence