Lucene search
WpvulndbWPVDB-ID:B928044F-28E2-46BA-B654-3202F1A8E95FHistoryNov 29, 2023 - 12:00 a.m.
Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
2023-11-2900:00:00
wpscan.com
10
wordpress
perfmatters
cross-site scripting
vulnerability
subscriber access
Description The Perfmatters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 2.2.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.2.0 |
Related
prion
prion
Cross site scripting
2023-11-30 17:15:00
nvd
nvd
CVE-2023-47877
2023-11-30 17:15:11
cve
cve
CVE-2023-47877
2023-11-30 17:15:11
cvelist
cvelist
wordfence
wordfence
8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:B928044F-28E2-46BA-B654-3202F1A8E95F