WP Event Manager < 3.1.38 – Admin+ Stored XSS | CVE 2023-4423

Affects Plugins

wp-event-manager

Fixed in 3.1.38

References

CVE

CVE-2023-4423

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.4 (medium)

Miscellaneous

Original Researcher

JackYu

Verified

No

WPVDB ID

53fd4cd2-1bdd-4d05-a033-27ead79892f0

Timeline

Publicly Published

2023-09-20 (about 2 years ago)

Added

2023-09-27 (about 2 years ago)

Last Updated

2023-09-27 (about 2 years ago)

Other

Published

Title

Published

2016-10-04

Title

Portfolio <= 2.1.10 - Reflected Cross-Site Scripting (XSS)

Published

2021-04-16

Title

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2024-04-15

Title

WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2016-07-13

Title

All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2023-11-22

Title

GS Team Members < 2.2.4 - Contributor+ Stored XSS