CVE-2023-7084

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
Configurations

Configuration 1 (hide)

cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://magos-securitas.com/txt/CVE-2023-7084.txt - Exploit, Third Party Advisory () https://magos-securitas.com/txt/CVE-2023-7084.txt - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/ - Third Party Advisory () https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/ - Third Party Advisory

19 Jan 2024, 14:54

Type Values Removed Values Added
CWE CWE-79
First Time Davidjmiller
Davidjmiller voting Record
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://magos-securitas.com/txt/CVE-2023-7084.txt - () https://magos-securitas.com/txt/CVE-2023-7084.txt - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/ - () https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/ - Third Party Advisory
CPE cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*

16 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-16 16:15

Updated : 2024-11-21 08:45


NVD link : CVE-2023-7084

Mitre link : CVE-2023-7084

CVE.ORG link : CVE-2023-7084


JSON object : View

Products Affected

davidjmiller

  • voting_record
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')