WordPress Plugin Vulnerabilities

Favorites < 2.3.3 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.

Affects Plugins

Plugin icon
favorites
Fixed in 2.3.3

References

CVE
CVE-2023-2304
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/favorites/favorites-232-authenticated-contributor-stored-cross-site-scripting-via-shortcode

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
b85440cf-4794-46d5-9d34-17d078826b3f

Timeline

Publicly Published
2023-05-30 (about 2 years ago)
Added
2023-05-31 (about 2 years ago)
Last Updated
2023-05-31 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download
Published
2023-09-25
Title
Simple Membership < 4.3.5 - Privilege escalation via Registration
Published
2015-07-10
Title
Sell Downloads < 1.0.8 - Insufficient Restrictions when Brute-Force Purchase IDs
Published
2018-03-14
Title
MailPoet Newsletters < 2.8.2 - Spam Vulnerability
Published
2014-08-01
Title
DejaVu 2.4 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion