WordPress Plugin Vulnerabilities

Scripts n Styles < 3.5.8 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affects Plugins

Plugin icon
scripts-n-styles
Fixed in 3.5.8

References

CVE
CVE-2023-31236

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
konagash
Verified
No
WPVDB ID
df254420-9024-4129-bc46-a57e22161262

Timeline

Publicly Published
2023-05-18 (about 2 years ago)
Added
2023-06-12 (about 2 years ago)
Last Updated
2023-06-12 (about 2 years ago)

Other

Published
Title
Published
2023-10-18
Title
WordPress Popular Posts < 6.3.3 - Contributor+ Stored XSS
Published
2019-09-05
Title
WordPress 5.2.2 - Authenticated Cross-Site Scripting (XSS) in Post Previews
Published
2022-07-07
Title
Team <= 1.2.6 - Contributor+ Stored Cross-Site Scripting
Published
2025-07-04
Title
My Reservation System <= 2.3 - Reflected XSS
Published
2019-09-03
Title
Portrait-Archiv.com Photostore <= 3.1 - Unauthenticated Reflected XSS