Lucene search
WpvulndbWPVDB-ID:B37DB75C-A4E2-4AFD-8E2F-C4E014951C87HistoryJan 12, 2024 - 12:00 a.m.
Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-01-1200:00:00
wpscan.com
2
wordpress
stored cross-site scripting
input sanitization
output escaping
authenticated attackers
contributor-level access
Description The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
cve
cve
CVE-2023-52192
2024-02-01 10:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-52192
2024-02-01 10:15:10
prion
prion
Cross site scripting
2024-02-01 10:15:00
wordfence
wordfence
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:B37DB75C-A4E2-4AFD-8E2F-C4E014951C87