WordPress Plugin Vulnerabilities

AnsPress – Question and answer < 4.3.2 - Editor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the editor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
anspress-question-answer
Fixed in 4.3.2

References

CVE
CVE-2023-34374
URL
https://patchstack.com/database/vulnerability/anspress-question-answer/wordpress-anspress-question-and-answer-plugin-4-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Theodoros Malachias
Verified
No
WPVDB ID
6c66319b-7b4a-451b-b380-1c1932b9adfa

Timeline

Publicly Published
2023-07-12 (about 2 years ago)
Added
2023-08-11 (about 2 years ago)
Last Updated
2023-08-11 (about 2 years ago)

Other

Published
Title
Published
2024-12-17
Title
Tabs Shortcode <= 2.0.2 - Contributor+ XSS via Shortcode
Published
2025-01-16
Title
FooGallery Captions <= 1.0.2 - Reflected Cross-Site Scripting
Published
2025-10-10
Title
Open Currency Converter <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-10-05
Title
Log HTTP Requests < 1.3.2 - Stored Cross-Site Scripting
Published
2025-12-01
Title
Nexter Extension < 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode