CVE-2023-7084
Voting Record <= 2.0 - Subscriber+ Stored XSS
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · Voting Record