CVE-2023-4270

The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastrology:min_max_control:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 04:22

Type Values Removed Values Added
CWE CWE-79

18 Sep 2023, 18:57

Type Values Removed Values Added
CPE cpe:2.3:a:codeastrology:min_max_control:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/04560bf1-676b-46fb-9344-4150862f2686 - (MISC) https://wpscan.com/vulnerability/04560bf1-676b-46fb-9344-4150862f2686 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Codeastrology min Max Control
Codeastrology

11 Sep 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-11 20:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4270

Mitre link : CVE-2023-4270

CVE.ORG link : CVE-2023-4270


JSON object : View

Products Affected

codeastrology

  • min_max_control
CWE

No CWE.