MainWP Code Snippets Extension < 4.0.3 – Subscriber+ Stored XSS | CVE 2023-23650

Affects Plugins

mainwp-code-snippets-extension

Fixed in 4.0.3

References

CVE

CVE-2023-23650

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.0 (high)

Miscellaneous

Original Researcher

Dave Jong

Verified

No

WPVDB ID

89ef8450-9f3a-479e-9958-d1c89cdf02f1

Timeline

Publicly Published

2023-01-18 (about 3 years ago)

Added

2023-03-23 (about 3 years ago)

Last Updated

2023-03-23 (about 3 years ago)

Other

Published

Title

Published

2024-04-16

Title

Void Elementor WHMCS Elements For Elementor Page Builder < 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2016-06-09

Title

CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

Published

2014-10-02

Title

WordPress Integrator 1.32 - Cross-Site Scripting (XSS)

Published

2026-05-07

Title

Auto Affiliate Links < 6.8.8.1 - Unauthenticated Stored Cross-Site Scripting via 'url' Parameter

Published

2014-08-01

Title

JS External Link Info 1.21 - redirect.php blog Parameter XSS