Themes Vulnerabilities

Mocho Blog <= 1.0.4 - Reflected XSS

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Themes

mocho-blog
No known fix

References

CVE
CVE-2023-27412

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
László Radnai
Verified
No
WPVDB ID
52dc4f71-611a-4594-a2a5-659c12f0b6e5

Timeline

Publicly Published
2023-05-25 (about 11 months ago)
Added
2023-08-09 (about 9 months ago)
Last Updated
2023-08-09 (about 9 months ago)

Other

Published
Title
Published
2024-03-18
Title
Restrict User Access – Membership Plugin with Force < 2.6 - Reflected Cross-Site Scripting
Published
2022-07-11
Title
Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
Published
2024-02-12
Title
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery
Published
2023-08-29
Title
Social Media & Share Icons < 2.8.4 - Reflected XSS
Published
2024-03-26
Title
Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting