WordPress Plugin Vulnerabilities

Notice Bar < 3.1.1 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
notice-bar
Fixed in 3.1.1

References

CVE
CVE-2023-41847

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
9d0beaa8-33eb-42b3-8aa3-b045b2a75a0c

Timeline

Publicly Published
2023-10-02 (about 2 years ago)
Added
2023-10-02 (about 2 years ago)
Last Updated
2023-10-02 (about 2 years ago)

Other

Published
Title
Published
2024-01-31
Title
Auto Listings < 2.6.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-05-07
Title
WP Front User Submit / Front Editor <= 5.0.6 - Admin+ Stored XSS
Published
2026-03-20
Title
Text Toggle <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
Published
2025-01-14
Title
Glossy <= 2.3.5 - Reflected XSS
Published
2024-04-23
Title
Premium Addons for Elementor < 4.10.29 - Contributor+ Stored Cross-Site Scripting