CVE-2023-5238: EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
First published: Tue Oct 31 2023(Updated: )
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <3.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5238?
CVE-2023-5238 is a vulnerability in the EventPrime WordPress plugin before version 3.2.0 that allows for HTML Injection.
How does CVE-2023-5238 affect websites?
CVE-2023-5238 affects websites that have the vulnerable version (up to and excluding 3.2.0) of the EventPrime plugin installed, allowing potential HTML Injection attacks in the search area of the website.
How severe is CVE-2023-5238?
CVE-2023-5238 has a severity level of medium with a CVSS score of 6.1.
How can I fix CVE-2023-5238?
To fix CVE-2023-5238, update the EventPrime WordPress plugin to version 3.2.0 or later, which includes the necessary sanitization and escaping of parameters to prevent HTML Injection.
Where can I find more information about CVE-2023-5238?
More information about CVE-2023-5238 can be found at the following reference: [EventPrime Reflected HTML Injection](https://wpscan.com/vulnerability/47a5fbfd-f47c-4356-8567-b29dadb48423)
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/metagauss
- canonical/metagauss eventprime