VK All in One Expansion Unit < 9.88.2 – Multiple Stored XSS | CVE 2023-27923

Affects Plugins

vk-all-in-one-expansion-unit

Fixed in 9.88.2

References

CVE

CVE-2023-27923

CVE

CVE-2023-27925

CVE

CVE-2023-27926

CVE

CVE-2023-28367

URL

https://jvn.jp/en/jp/JVN95792402/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

apple502j

Verified

No

WPVDB ID

1e338dfd-8a02-4792-b377-de367c0e1665

Timeline

Publicly Published

2023-05-09 (about 3 years ago)

Added

2023-05-11 (about 3 years ago)

Last Updated

2023-05-11 (about 3 years ago)

Other

Published

Title

Published

2025-01-05

Title

Paytm Payment Donation < 2.3.2 - Reflected Cross-Site Scripting

Published

2024-12-19

Title

Userpro <= 5.1.9 - Reflected Cross-Site Scripting

Published

2020-07-18

Title

JobSearch < 1.5.5 - Unauthenticated Reflected Cross-Site Scripting

Published

2024-01-16

Title

Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class

Published

2023-10-11

Title

Copy Or Move Comments <= 5.0.4 - Reflected XSS