WordPress Plugin Vulnerabilities

Smart Cookie Kit < 2.3.2 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
smart-cookie-kit
Fixed in 2.3.2

References

CVE
CVE-2023-45608

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
resecured.io
Verified
No
WPVDB ID
84358d90-aa80-4174-acaa-0ad05019c38f

Timeline

Publicly Published
2023-10-18 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2015-08-24
Title
Googmonify <= 0.5.1 - CSRF & XSS
Published
2023-08-17
Title
Simple Staff List < 2.2.4 - Editor+ Stored XSS
Published
2024-11-07
Title
Logo Slider < 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-01-15
Title
Related Posts by Taxonomy < 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode
Published
2025-06-19
Title
IP Based Login < 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting