WordPress Plugin Vulnerabilities

Gumroad <= 3.1.0 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
gumroad
No known fix

References

CVE
CVE-2023-45059

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
3da45f39-ad7f-4f68-ad62-6629bf5e95e2

Timeline

Publicly Published
2023-10-18 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting
Published
2024-06-12
Title
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget
Published
2024-07-11
Title
Change From Email <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-01-07
Title
Simple Photo Sphere <= 0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2018-05-05
Title
Tagregator <= 0.6 - Stored XSS