CVE-2023-6884 in Plugin for Google Reviewsthông tin

Tóm tắt

Bởi MITRE • 06/02/2024

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Đặt trước

16/12/2023

Tiết lộ

06/02/2024

Kiểm duyệt

được chấp nhận

EPSS

0.00614

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you need the next level of professionalism?

Upgrade your account now!