WordPress Plugin Vulnerabilities

Add Posts to Pages <= 1.4.1 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
add-posts-to-pages
No known fix

References

CVE
CVE-2023-23826
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/add-posts-to-pages/add-posts-to-pages-141-authenticated-contributor-stored-cross-site-scripting

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
d90baced-2c57-4f0c-869d-0965bcfe790a

Timeline

Publicly Published
2023-05-11 (about 3 years ago)
Added
2023-08-10 (about 2 years ago)
Last Updated
2023-08-10 (about 2 years ago)

Other

Published
Title
Published
2021-05-14
Title
WooCommerce Amazon Pay 2.0.0 - Reflected Cross-Site Scripting
Published
2022-02-01
Title
Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting
Published
2024-11-27
Title
FAQ Builder AYS < 1.7.2 - Reflected Cross-Site Scripting
Published
2026-03-20
Title
Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2025-03-07
Title
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates < 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting