WordPress Plugin Vulnerabilities

Column-Matic <= 1.3.3 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
column-matic
No known fix

References

CVE
CVE-2023-32578

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
3b863dd6-8fc9-4967-a6f0-9603e51a08ad

Timeline

Publicly Published
2023-05-12 (about 3 years ago)
Added
2023-09-14 (about 2 years ago)
Last Updated
2023-09-14 (about 2 years ago)

Other

Published
Title
Published
2025-12-15
Title
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin < 4.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2024-10-14
Title
Plexx Elementor Extension < 1.3.7 - Contributor+ Stored XSS
Published
2025-01-16
Title
WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting
Published
2021-12-06
Title
Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting
Published
2024-07-31
Title
Blog2Social: Social Media Auto Post & Scheduler < 7.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload