Crowdsignal Dashboard < 3.1.0 – Reflected Cross-Site Scripting | CVE 2023-51488

Affects Plugins

Fixed in 3.1.0

References

CVE

CVE-2023-51488

URL

https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

a21c126f-9852-449e-b391-413143fd38ef

Timeline

Publicly Published

2023-12-27 (about 6 months ago)

Added

2024-01-04 (about 5 months ago)

Last Updated

2024-01-04 (about 5 months ago)

Other

Published

Title

Published

2022-09-14

Title

Notice Board <= 1.1 - Contributor+ Stored Cross-Site Scripting

Published

2014-08-01

Title

Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS

Published

2024-06-10

Title

Custom Field Template < 2.6.2 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name

Published

2021-09-20

Title

Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting

Published

2024-02-14

Title

Action Network < 1.4.3 - Reflected Cross-Site Scripting via 'search'