CVE-2023-1373 W4 Post List < 2.4.6 - Reflected XSS

2023-04-1712:17:43

WPScan

www.cve.org

cve-2023-1373

w4 post list

wordpress plugin

reflected cross-site scripting

url escaping

EPSS

0.001

Percentile

34.9%

JSON

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "W4 Post List",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.4.6"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/fa38f3e6-e04c-467c-969b-0f6736087589

EPSS

0.001

Percentile

34.9%

JSON

Related for CVELIST:CVE-2023-1373