Lucene search
WpvulndbWPVDB-ID:95D9C944-9713-4EBD-BF87-C03835A701F8HistoryNov 23, 2023 - 12:00 a.m.
Embed Privacy < 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
2023-11-2300:00:00
wpscan.com
11
wordpress
plugin
vulnerability
stored cross-site scripting
input sanitization
output escaping
contributor+.
Description The Embed Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s 'embed_privacy_opt_out ’ shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2023-51694 appears to be a duplicate of this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.8.1 |
Related
vulnrichment
vulnrichment
prion
prion
Cross site scripting
2024-02-01 11:15:00
Cross site scripting
2023-11-20 19:15:00
osv
osv
CVE-2023-51694
2024-02-01 11:15:12
CVE-2023-48300
2023-11-20 19:15:09
nvd
nvd
CVE-2023-51694
2024-02-01 11:15:12
CVE-2023-48300
2023-11-20 19:15:09
cve
cve
CVE-2023-48300
2023-11-20 19:15:09
CVE-2023-51694
2024-02-01 11:15:12
cvelist
cvelist
wordfence
wordfence
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
19.1%
Related for WPVDB-ID:95D9C944-9713-4EBD-BF87-C03835A701F8