First published: Thu Nov 16 2023(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS.This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wishfulthemes Raise Mag | <=1.0.7 | |
Wishful Blog | <=2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-28621 is high with a CVSS score of 7.1.
Wishfulthemes Raise Mag versions up to and including 1.0.7 and Wishfulthemes Wishful Blog versions up to and including 2.0.1 are affected by CVE-2023-28621.
CVE-2023-28621 is a Cross-site Scripting (XSS) vulnerability.
To fix the CVE-2023-28621 vulnerability, it is recommended to update Wishfulthemes Raise Mag theme to a version higher than 1.0.7 and Wishfulthemes Wishful Blog theme to a version higher than 2.0.1.
More information about CVE-2023-28621 can be found at the following references: [link 1](https://patchstack.com/database/vulnerability/wishful-blog/wordpress-wishful-blog-theme-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve), [link 2](https://patchstack.com/database/vulnerability/raise-mag/wordpress-raise-mag-theme-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve).