Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2023-1404

Published: 09/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Weavertheme

Vulnerability Summary

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

weavertheme weaver show posts

Exploits

Exploit DB: WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting
WordPress Weaver Xtreme theme versions 507 and below and Weaver Show Posts plugin versions 16 and below suffer from a persistent cross site scripting vulnerability ...

References

https://plugins.trac.wordpress.org/browser/show-posts/tags/1.6/includes/atw-showposts-sc.php#L368https://www.wordfence.com/threat-intel/vulnerabilities/id/c8647c44-4879-4895-bd07-19f7d62a7326?source=cvehttps://nvd.nist.govhttps://packetstormsecurity.com/files/171915/WordPress-Weaver-Xtreme-5.0.7-Weaver-Show-Posts-1.6-Cross-Site-Scripting.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook