CVE-2023-1413: WP VR < 8.2.9 - Reflected XSS
First published: Mon Apr 17 2023(Updated: )
The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Coderex WP VR | <8.2.9 | |
| <8.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the WP VR WordPress plugin?
The vulnerability ID for the WP VR WordPress plugin is CVE-2023-1413.
What is the severity level of CVE-2023-1413?
The severity level of CVE-2023-1413 is medium with a CVSS score of 6.1.
What is the description of CVE-2023-1413?
CVE-2023-1413 is a vulnerability in the WP VR WordPress plugin before version 8.2.9 that allows Reflected Cross-Site Scripting, which can be exploited against high privilege users like admin.
How does CVE-2023-1413 impact the WP VR WordPress plugin?
CVE-2023-1413 impacts the WP VR WordPress plugin by not properly sanitizing and escaping some parameters, which leads to the Reflected Cross-Site Scripting vulnerability.
How can CVE-2023-1413 be fixed?
To fix CVE-2023-1413, it is recommended to update the WP VR WordPress plugin to version 8.2.9 or later.
- agent/type
- agent/weakness
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/coderex
- canonical/coderex wp vr
- vendor/rextheme