WordPress Plugin Vulnerabilities

Library Viewer < 2.0.6.1 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
library-viewer
Fixed in 2.0.6.1

References

CVE
CVE-2023-32102

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
7873a148-925e-4a07-b947-79e26ddbceaa

Timeline

Publicly Published
2023-09-04 (about 2 years ago)
Added
2023-09-04 (about 2 years ago)
Last Updated
2023-09-04 (about 2 years ago)

Other

Published
Title
Published
2023-10-02
Title
Attorney <= 3 - Reflected XSS
Published
2025-12-03
Title
Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
Published
2023-03-13
Title
Exxp <= 2.6.8 - Subscriber+ Stored Cross-Site Scripting
Published
2017-01-17
Title
Moreads Se < 1.4.7 - XSS
Published
2024-01-19
Title
WP-Lister Lite for eBay < 3.5.8 - Reflected Cross-Site Scripting via 's'