Lucene search
WpvulndbWPVDB-ID:035B25C0-0212-4599-99C4-D329DB87B3C3HistoryJan 05, 2023 - 12:00 a.m.
CPO Companion < 1.1.0 - Admin+ Stored XSS
2023-01-0500:00:00
wpscan.com
12
plugin
sanitisation
stored xss
high privilege users
admin
unfiltered_html capability
multisite setup
vulnerability
EPSS
0.001
Percentile
19.3%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Related
nvd
nvd
CVE-2023-0162
2023-01-10 18:15:10
cvelist
cvelist
CVE-2023-0162
2023-01-10 17:14:45
prion
prion
Cross site scripting
2023-01-10 18:15:00
cve
cve
CVE-2023-0162
2023-01-10 18:15:10