CVE-2023-47522: WordPress Photo Feed Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)
First published: Tue Nov 14 2023(Updated: )
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Photofeed Photo Feed | <=2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-47522?
CVE-2023-47522 is a vulnerability found in the WordPress Photo Feed Plugin, allowing for Cross Site Scripting (XSS).
How severe is CVE-2023-47522?
CVE-2023-47522 is considered high severity with a CVSS score of 7.1.
What is the affected software?
The affected software is the Photo Feed plugin version <= 2.2.1 for WordPress.
What is the CWE-ID of CVE-2023-47522?
The CWE-ID of CVE-2023-47522 is 79, which stands for Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
How can I fix CVE-2023-47522?
To fix CVE-2023-47522, you should update the Photo Feed plugin to a version higher than 2.2.1.
- collector/mitre-cve
- collector/nvd-api
- vendor/photofeed
- product/photo feed
- canonical/photofeed photo feed