Buy Me a Coffee < 3.7 – Subscriber+ Stored Cross-Site Scripting | CVE 2023-2082

Affects Plugins

buymeacoffee

Fixed in 3.7

References

CVE

CVE-2023-2082

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9f8948-085b-4ac5-befd-c70085aa23cd

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.4 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

89301c42-6472-4625-bd5a-72fc06e6ec91

Timeline

Publicly Published

2023-07-13 (about 2 years ago)

Added

2023-07-14 (about 2 years ago)

Last Updated

2023-07-14 (about 2 years ago)

Other

Published

Title

Published

2021-11-25

Title

Awesome Support < 6.0.7 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

GeoDigs <= 3.4.1 - Reflected Cross-Site Scripting

Published

2024-07-01

Title

HTML Forms < 1.3.33 - Admin+ Stored XSS

Published

2024-05-07

Title

Stockholm Core < 2.4.2 - Reflected Cross-Site Scripting

Published

2023-12-27

Title

Stock Ticker < 3.23.5 - Authenticated (Contributor+) Stored Cross-Site Scritping