First published: Mon Mar 13 2023(Updated: )
The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Namaste\! Lms | <2.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-0844 is a vulnerability in the Namaste! LMS WordPress plugin before version 2.6.
The severity of CVE-2023-0844 is medium (4.8).
The affected software is the Namaste! LMS WordPress plugin before version 2.6.
High-privilege users such as admin can perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
To exploit CVE-2023-0844, an attacker with high-privilege user access can inject malicious scripts that get executed when other users access the affected pages or content.