Lucene search
WpvulndbWPVDB-ID:CA86E56A-BCF6-4EC4-A282-AF4C3BDEBAA4HistoryJan 05, 2024 - 12:00 a.m.
If-So Dynamic Content Personalization < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-01-0500:00:00
wpscan.com
12
wordpress
stored cross-site scripting
input sanitization
Description The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
nvd
nvd
CVE-2023-51492
2024-02-10 09:15:08
cve
cve
CVE-2023-51492
2024-02-10 09:15:08
prion
prion
Cross site scripting
2024-02-10 09:15:00
cvelist
cvelist
vulnrichment
vulnrichment
wordfence
wordfence
AI Score
5.9
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:CA86E56A-BCF6-4EC4-A282-AF4C3BDEBAA4