MpOperationLogs <= 1.0.1 – Unauthenticated Stored XSS | CVE 2023-5538

Affects Plugins

mpoperationlogs

No known fix

References

CVE

CVE-2023-5538

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.2 (high)

Miscellaneous

Original Researcher

juweihuitao

Verified

No

WPVDB ID

c6b10257-046e-4e39-ae91-df1ea3fda8f7

Timeline

Publicly Published

2023-10-17 (about 2 years ago)

Added

2023-10-20 (about 2 years ago)

Last Updated

2023-10-20 (about 2 years ago)

Other

Published

Title

Published

2025-06-12

Title

IRM Newsroom < 1.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode

Published

2024-10-31

Title

AMP Img Shortcode <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-03-27

Title

OK Poster Group <= 1.1 - Reflected Cross-Site Scripting

Published

2023-10-17

Title

Media Library Assistant < 3.12 - Author+ Stored XSS

Published

2024-10-09

Title

GDPR-Extensions-com – Consent Manager < 1.0.1 - Author+ Stored XSS via SVG File Upload