First published: Mon Jun 05 2023
The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web 10web Social Post Feed | <1.2.9 | |
The vulnerability ID for this vulnerability is CVE-2023-2503.
The title of this vulnerability is 'The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter...'
The severity of CVE-2023-2503 is medium with a CVSS score of 6.1.
CVE-2023-2503 affects the 10Web Social Post Feed WordPress plugin before version 1.2.9.
The vulnerability CVE-2023-2503 can be exploited through a Reflected Cross-Site Scripting attack, which could be used against high privilege users such as admin.