CVE-2023-0175

Smart Logo Showcase Lite <= 1.1.9 - Contributor+ Stored XSS

CVSS 5.4 MEDIUMEPSS 0.5%

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.4EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 mar 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Productos afectados

Unknown · Responsive Clients Logo Gallery Plugin for WordPress

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/cdcd3c2c-cb29-4b21-8d3d-7eafbc1d3098