Lucene search
WpvulndbWPVDB-ID:CADAE0C4-103E-4626-93AF-200FB7DE05F1HistoryJan 24, 2024 - 12:00 a.m.
PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-01-2400:00:00
wpscan.com
9
pdf viewer
3d pdf flipbook
dearpdf
wordpress
vulnerable
authenticated
stored xss
input sanitization
output escaping
contributor+.
Description The PDF Viewer & 3D PDF Flipbook – DearPDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
cvelist
cvelist
nvd
nvd
CVE-2024-23505
2024-01-31 16:15:47
cve
cve
CVE-2024-23505
2024-01-31 16:15:47
prion
prion
Cross site scripting
2024-01-31 16:15:00
wordfence
wordfence
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for WPVDB-ID:CADAE0C4-103E-4626-93AF-200FB7DE05F1