CVE-2023-2795 in CodeColorer Pluginالمعلومات

الملخص

بحسب MITRE • 27/06/2023

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

18/05/2023

إفشاء

27/06/2023

الاعتدال

تمت الموافقة

إدخال

VDB-230890

EPSS

0.00442

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Interested in the pricing of exploits?

See the underground prices here!