WordPress Plugin Vulnerabilities

Animated Number Counters < 1.7 - Editor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the editor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
animated-number-counters
Fixed in 1.7

References

CVE
CVE-2023-24393
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/animated-number-counters/animated-number-counters-16-authenticated-editor-stored-cross-site-scripting

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
2f3a16b9-b8d8-4638-a578-3b8632e518ab

Timeline

Publicly Published
2023-07-04 (about 2 years ago)
Added
2023-08-11 (about 2 years ago)
Last Updated
2023-09-22 (about 2 years ago)

Other

Published
Title
Published
2023-10-02
Title
Anchor Episodes Index (Spotify for Podcasters) < 2.1.8 - Admin+ Stored XSS
Published
2022-12-21
Title
WP Video Lightbox < 1.9.7 - Contributor+ Stored XSS
Published
2025-04-02
Title
Awesome Logos <= 1.2 - Reflected Cross-Site Scripting
Published
2015-08-21
Title
Crazy Bone < 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2024-12-19
Title
WPMozo Addons Lite for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting