IMPress Listings <= 2.6.2 – Contributor+ Stored XSS | CVE 2023-22711

Affects Plugins

wp-listings

No known fix

References

CVE

CVE-2023-22711

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

c2c5a8ba-ec67-469c-9272-7b06a8ca5d04

Timeline

Publicly Published

2023-04-06 (about 3 years ago)

Added

2023-05-10 (about 3 years ago)

Last Updated

2023-05-10 (about 3 years ago)

Other

Published

Title

Published

2023-08-22

Title

Landing Page Builder < 1.5.1.3 - Admin+ Stored XSS

Published

2019-09-25

Title

Easy Fancybox < 1.8.18 - Authenticated Stored XSS

Published

2025-01-16

Title

Tax Report for WooCommerce <= 2.2 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

bp-gallery 1.2.5 - Cross Site Scripting

Published

2024-07-06

Title

Simple Social Share <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting