WordPress Plugin Vulnerabilities

FareHarbor for WordPress < 3.6.7 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks.

Affects Plugins

Plugin icon
fareharbor
Fixed in 3.6.7

References

CVE
CVE-2023-25021

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
97e0ad85-73cb-423f-a75f-fc547302fe52

Timeline

Publicly Published
2023-03-03 (about 3 years ago)
Added
2023-05-09 (about 3 years ago)
Last Updated
2023-05-09 (about 3 years ago)

Other

Published
Title
Published
2025-06-03
Title
WooCommerce Photo Reviews - Review Reminders - Review for Discounts <= 1.3.13 - Reflected Cross-Site Scripting
Published
2024-10-31
Title
Custom Admin Menu <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-11-07
Title
EazyDocs < 2.3.6 - Reflected XSS
Published
2025-01-27
Title
Wise Forms <= 1.2.0 - Unauthenticated Stored XSS
Published
2025-12-15
Title
User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin < 4.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes