CVE-2023-4798: User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
First published: Mon Oct 16 2023(Updated: )
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <1.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the User Avatar WordPress plugin?
The vulnerability ID for the User Avatar WordPress plugin is CVE-2023-4798.
What is the severity rating of CVE-2023-4798?
The severity rating for CVE-2023-4798 is medium (5.4).
What is the impact of CVE-2023-4798?
CVE-2023-4798 could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
How does CVE-2023-4798 affect the User Avatar WordPress plugin?
CVE-2023-4798 affects the User Avatar WordPress plugin before version 1.2.2.
Is there a fix available for CVE-2023-4798?
Yes, updating the User Avatar WordPress plugin to version 1.2.2 or later will fix the vulnerability.
- collector/nvd-index
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/wpexperts
- canonical/wpexperts user avatar-reloaded