WordPress Plugin Vulnerabilities

Atarim < 3.13 - Unauthenticated Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
atarim-visual-collaboration
Fixed in 3.13

References

CVE
CVE-2023-47544

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
lttn
Verified
No
WPVDB ID
92f6603f-22e5-44f4-ae66-9d6c12d4f911

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-15 (about 2 years ago)
Last Updated
2023-11-23 (about 2 years ago)

Other

Published
Title
Published
2022-07-14
Title
Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title
Published
2021-04-13
Title
ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
Published
2014-08-01
Title
DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS
Published
2025-03-24
Title
Key4ce osTicket Bridge <= 1.4.0 - Reflected Cross-Site Scripting
Published
2024-12-23
Title
Loan Comparison < 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting