WordPress Plugin Vulnerabilities

iFolders < 1.5.1 - Admin+ XSS

Description

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions.

Affects Plugins

Plugin icon
ifolders
Fixed in 1.5.1

References

CVE
CVE-2023-41949

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
7ae1493d-85fe-4a1d-8c67-15ddb8f9d3f4

Timeline

Publicly Published
2023-09-25 (about 2 years ago)
Added
2023-09-25 (about 2 years ago)
Last Updated
2023-09-25 (about 2 years ago)

Other

Published
Title
Published
2023-10-29
Title
Giveaways and Contests by RafflePress < 1.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-10-03
Title
Code Embed < 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-15
Title
WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-09-26
Title
Premium Addons for Elementor < 4.10.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget
Published
2024-10-09
Title
Curator.io < 1.9.2 - Contributor+ Stored XSS