WordPress Plugin Vulnerabilities

Marketing Performance <= 2.0.0 - Reflected XSS

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
marketing-performance
No known fix

References

CVE
CVE-2023-24404

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Nithissh S
Verified
No
WPVDB ID
96396136-3fa8-4ab9-9af4-c9220baf0216

Timeline

Publicly Published
2023-02-02 (about 3 years ago)
Added
2023-04-24 (about 2 years ago)
Last Updated
2023-04-24 (about 2 years ago)

Other

Published
Title
Published
2024-12-30
Title
GS Shots for Dribbble < 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2017-08-24
Title
FG Joomla to WordPress < 3.31.0 - XSS in the AJAX Imported
Published
2024-06-06
Title
Auto Coupons for WooCommerce < 3.0.15 - Reflected Cross-Site Scripting
Published
2014-03-27
Title
miniAudioPlayer < 1.3.9 - maplayertinymce.php Multiple Parameter XSS
Published
2025-10-02
Title
Meks Easy Maps <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting