← back
CVE-2023-1126

WP FEvents Book <= 0.46 - Subscriber+ Stored XSS

CVSS 5.4 MEDIUMEPSS 0.4%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Apr 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N