idbbee <= 1.0 – Contributor+ Stored Cross-Site Scripting | CVE 2023-5114

Affects Plugins

idbbee

No known fix

References

CVE

CVE-2023-5114

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ac763936-7147-4100-8a46-4c6d2f2224b4

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Lana Codes, Alex Thomas

Verified

No

WPVDB ID

c77e7e8a-d61f-45cb-91ec-fa65119e9aae

Timeline

Publicly Published

2023-10-30 (about 2 years ago)

Added

2023-11-03 (about 2 years ago)

Last Updated

2023-11-03 (about 2 years ago)

Other

Published

Title

Published

2026-03-25

Title

BWL Advanced FAQ Manager Lite < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute

Published

2025-01-30

Title

SeatReg < 1.56.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-03-19

Title

WP Database Audit <= 1.0 - Reflected Cross-Site Scripting

Published

2025-09-22

Title

Penci Recipe < 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-04-04

Title

Outdoor < 3.9.7 - Reflected XSS