The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/fa38f3e6-e04c-467c-969b-0f6736087589 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:03
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-04-17 13:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1373
Mitre link : CVE-2023-1373
CVE.ORG link : CVE-2023-1373
JSON object : View
Products Affected
w4_post_list_project
- w4_post_list
CWE
No CWE.