First published: Mon Nov 27 2023
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lesterchan Wp-useronline | <2.88.3 | |
The severity of CVE-2023-5560 is medium, with a CVSS score of 6.1.
CVE-2023-5560 affects WP-UserOnline plugin versions up to, but excluding, 2.88.3.
CVE-2023-5560 is an unauthenticated stored XSS vulnerability in the WP-UserOnline plugin.
An unauthenticated user can exploit CVE-2023-5560 by injecting malicious scripts through the X-Forwarded-For header.
Updating the WP-UserOnline plugin to version 2.88.3 or higher fixes CVE-2023-5560.
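
The defensive pattern for this class of bug is to validate the X-Forwarded-For value as an IP address before it is stored and to escape it again where it is printed. The code below is an added example, not the WP-UserOnline source or its 2.88.3 patch; the function names `forwarded_ips` and `render_ip` and the sample header are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the entries of an X-Forwarded-For header that parse as IPv4/IPv6
 * literals. Anything else (markup, hostnames, junk) is dropped, so it never
 * reaches storage. In PHP the raw header arrives as
 * $_SERVER['HTTP_X_FORWARDED_FOR'] and is fully client-controlled.
 */
function forwarded_ips(?string $header): array
{
    if ($header === null || $header === '') {
        return [];
    }
    $valid = [];
    foreach (explode(',', $header) as $part) {
        $ip = filter_var(trim($part), FILTER_VALIDATE_IP);
        if ($ip !== false) {
            $valid[] = $ip;
        }
    }
    return $valid;
}

/**
 * Escape at the point of output, even for values that passed validation.
 * Inside WordPress, esc_html() serves the same purpose.
 */
function render_ip(string $ip): string
{
    return htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample header: one valid address followed by markup.
$header = '203.0.113.7, <b>not-an-ip</b>';

// Unsafe pattern: the raw header is concatenated into HTML.
$unsafe = '<li>' . $header . '</li>';

// Hardened pattern: validate on input, escape on output.
$safe = '';
foreach (forwarded_ips($header) as $ip) {
    $safe .= '<li>' . render_ip($ip) . '</li>';
}

echo $unsafe, PHP_EOL; // markup from the header reaches the page
echo $safe, PHP_EOL;   // only the validated address is rendered
```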