WordPress Plugin Vulnerabilities

Mediabay <= 1.6 - Editor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the editor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
mediabay-lite
No known fix

References

CVE
CVE-2023-46066

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
cb323244-1e7e-43a0-ace9-b3e9dd125ba9

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-10-17 (about 2 years ago)
Last Updated
2023-10-17 (about 2 years ago)

Other

Published
Title
Published
2023-02-23
Title
WPMobile.App < 11.19 - Admin+ Stored XSS
Published
2025-06-05
Title
The Events Calendar Countdown Addon < 1.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-11-29
Title
BP Better Messages < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2025-04-22
Title
UiCore Elements – Free Elementor widgets and templates < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Published
2024-08-29
Title
PowerPress Podcasting < 11.9.18 - Author+ XSS