First published: Mon Nov 20 2023(Updated: )
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
S-sols Seraphinite Accelerator | <2.2.29 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5609 is a vulnerability in the Seraphinite Accelerator WordPress plugin that allows for Reflected Cross-Site Scripting attacks.
CVE-2023-5609 can be used against high privilege users, such as admin, to execute malicious scripts.
The severity of CVE-2023-5609 is medium, with a CVSS score of 6.1.
Seraphinite Accelerator versions before 2.2.29 are affected by CVE-2023-5609.
To fix CVE-2023-5609, users should update the Seraphinite Accelerator plugin to version 2.2.29 or above.