Lucene search
WpvulndbWPVDB-ID:E6CC2882-8BC9-41BA-83DD-5529F1CCFB42HistorySep 06, 2023 - 12:00 a.m.
CT Commerce <= 2.0.1 - Admin+ Stored XSS
2023-09-0600:00:00
wpscan.com
4
ct commerce
admin role
stored xss
unfiltered_html
multisite setup
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Related
nvd
nvd
CVE-2023-40007
2023-09-06 09:15:08
prion
prion
Cross site scripting
2023-09-06 09:15:00
cve
cve
CVE-2023-40007
2023-09-06 09:15:08
cvelist
cvelist
wordfence
wordfence
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:E6CC2882-8BC9-41BA-83DD-5529F1CCFB42