Lucene search
WpvulndbWPVDB-ID:1F98AEE4-9DAE-4F00-A474-EEAB29E9A917HistorySep 26, 2023 - 12:00 a.m.
Options for Twenty Seventeen < 2.5.1 - Contributor+ Stored Cross-Site Scripting
2023-09-2600:00:00
wpscan.com
4
twenty seventeen
stored cross-site scripting
contributor
software
Description The plugin does not properly sanitize user-supplied input nor escape output for the ‘social-links’ shortcode. This leads to a Stored Cross-Site Scripting vulnerability, where an authenticated user with contributor-level permissions can inject arbitrary web scripts that execute whenever a page is accessed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.5.1 |
Related
cvelist
cvelist
CVE-2023-5162
2023-09-26 01:51:15
nvd
nvd
CVE-2023-5162
2023-09-27 15:19:41
prion
prion
Cross site scripting
2023-09-27 15:19:00
cve
cve
CVE-2023-5162
2023-09-27 15:19:41
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.2%
Related for WPVDB-ID:1F98AEE4-9DAE-4F00-A474-EEAB29E9A917