CVE-2023-5228: User Registration < 3.0.4.2 - Admin+ Stored XSS
First published: Mon Nov 06 2023(Updated: )
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WPEverest User Registration | <3.0.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-5228.
What is the severity of CVE-2023-5228?
The severity of CVE-2023-5228 is medium with a CVSS score of 4.8.
How does the User Registration WordPress plugin version 3.0.4.2 and below get affected?
The User Registration WordPress plugin version 3.0.4.2 and below is affected by this vulnerability.
What is the impact of CVE-2023-5228?
The impact of CVE-2023-5228 is that high-privilege users, such as admin, can perform Stored Cross-Site Scripting attacks.
How do I fix CVE-2023-5228?
To fix CVE-2023-5228, you should update the User Registration WordPress plugin to version 3.0.4.3 or later.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- vendor/wpeverest