Lucene search
WPScanCVELIST:CVE-2023-4823HistoryOct 31, 2023 - 1:54 p.m.
CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-3113:54:42
WPScan
www.cve.org
wordpress
plugin
settings
ajax
endpoint
sanitized
user input
authenticated
xss
0.0004 Low
EPSS
Percentile
14.0%
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Meta and Date Remover",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.2.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2023-4823
2023-10-31 14:15:12
wpvulndb
wpvulndb
WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-09 00:00:00
prion
prion
Cross site scripting
2023-10-31 14:15:00
nvd
nvd
CVE-2023-4823
2023-10-31 14:15:12
wpexploit
wpexploit
WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-09 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37
2023-11-26 03:08:40
[SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39
2023-11-24 01:37:40
[SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38
2023-11-26 03:05:59
wordfence
wordfence