Lucene search
WpvulndbWPVDB-ID:AACC908A-6F5A-4DB0-9C2D-19BF251A8D97HistoryOct 24, 2023 - 12:00 a.m.
WP Lightbox 2 <= 3.0.6.5 - Admin+ Stored XSS
2023-10-2400:00:00
wpscan.com
4
plugin
validation
escape
parameters
admin
stored xss
unfiltered_html
multisite
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-lightbox-2/wp-lightbox-2-3065-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings
Related
prion
prion
Cross site scripting
2023-10-25 18:17:00
nvd
nvd
CVE-2023-45747
2023-10-25 18:17:33
cve
cve
CVE-2023-45747
2023-10-25 18:17:33
cvelist
cvelist
wordfence
wordfence
AI Score
5.6
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:AACC908A-6F5A-4DB0-9C2D-19BF251A8D97