WordPress Plugin Vulnerabilities

LINE Notify < 1.4.5 - Reflected XSS

Description

The plugin does not sanitise and escape the uid parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
wp-line-notify
Fixed in 1.4.5

References

CVE
CVE-2023-30497

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Ivy - TOOR, LISA
Verified
No
WPVDB ID
ad2d1db4-cae6-41b0-b6ca-860924dea2ef

Timeline

Publicly Published
2023-08-14 (about 2 years ago)
Added
2023-09-06 (about 2 years ago)
Last Updated
2023-09-06 (about 2 years ago)

Other

Published
Title
Published
2025-03-06
Title
Advanced File Manager < 5.3.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
Published
2022-07-20
Title
Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting
Published
2024-11-08
Title
Assist24 Help Desk <= 20150401.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-10-21
Title
Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-09-26
Title
Pop-Up Chop Chop <= 2.1.7 - Contributor+ Stored Cross-Site Scripting