CVE-2023-2835 in WP Directory Kit Plugininformación

Resumen

por MITRE • 2023-06-02

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

Wordfence

Reservar

2023-05-22

Divulgación

2023-06-02

Moderación

aceptado

Artículo

VDB-230521

CPE

listo

Explotación

Descargar

EPSS

0.00728

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!