Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-4823
HistoryOct 31, 2023 - 2:15 p.m.

Cross site scripting

2023-10-3114:15:00
PRIOn knowledge base
www.prio-n.com
5
vulnerability
wp meta and date remover
wordpress plugin
2.2.0
unsanitized user input
stored cross-site scripting
ajax endpoint

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.

CPENameOperatorVersion
wp_meta_and_date_removerlt2.2.0

Related

cve 1
wpvulndb 1
cvelist 1
nvd 1
wpexploit 1
fedora 3
wordfence 1
cve
cve
CVE-2023-4823
2023-10-31 14:15:12
wpvulndb
wpvulndb
WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-09 00:00:00
cvelist
cvelist
CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-31 13:54:42
nvd
nvd
CVE-2023-4823
2023-10-31 14:15:12
wpexploit
wpexploit
WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
2023-10-09 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: vim-9.0.2120-1.fc37
2023-11-26 03:08:40
[SECURITY] Fedora 39 Update: vim-9.0.2120-1.fc39
2023-11-24 01:37:40
[SECURITY] Fedora 38 Update: vim-9.0.2120-1.fc38
2023-11-26 03:05:59
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)
2023-11-09 18:38:31

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON
Related for PRION:CVE-2023-4823
cve1wpvulndb1cvelist1nvd1wpexploit1fedora3wordfence1