Lucene search
WpvulndbWPVDB-ID:F77A13D2-43E2-4A41-B885-4924D2F6D05EHistoryOct 27, 2023 - 12:00 a.m.
WP Full Stripe Free <= 1.6.1 - Admin+ Stored XSS
2023-10-2700:00:00
wpscan.com
5
wordpress
plugin
security
stored xss
admin role
unvalidated parameters
multisite
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-scripting-xss-vulnerability-2
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-full-stripe-free/wp-full-stripe-free-161-authenticated-administrator-stored-cross-site-scripting-1
Related
cvelist
cvelist
nvd
nvd
CVE-2023-46088
2023-10-26 13:15:09
prion
prion
Cross site scripting
2023-10-26 13:15:00
cve
cve
CVE-2023-46088
2023-10-26 13:15:09
wordfence
wordfence
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:F77A13D2-43E2-4A41-B885-4924D2F6D05E