WordPress Plugin Vulnerabilities

WxSync <= 2.7.23 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
wxsync
No known fix

References

CVE
CVE-2023-39988

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
242556ae-fa29-4961-afe6-7a8421d90450

Timeline

Publicly Published
2023-09-04 (about 8 months ago)
Added
2023-09-18 (about 7 months ago)
Last Updated
2023-09-18 (about 7 months ago)

Other

Published
Title
Published
2024-04-16
Title
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-06-28
Title
YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS
Published
2023-08-14
Title
a3 Portfolio < 3.1.1 - Author+ Stored XSS
Published
2021-02-26
Title
WP File Manager < 7.1 - Reflected Cross-Site Scripting (XSS)
Published
2022-07-19
Title
WP-UserOnline < 2.88.0 - Admin+ Stored Cross-Site Scripting