The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/6938fee5-3510-45e6-8112-c9e2b30f6881 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:03
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-04-17 13:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1413
Mitre link : CVE-2023-1413
CVE.ORG link : CVE-2023-1413
JSON object : View
Products Affected
coderex
- wp_vr
CWE
No CWE.