WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.12 - Unauthenticated Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.12

References

CVE
CVE-2023-47185

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
FearZzZz
Verified
No
WPVDB ID
f061ffa4-25f2-4ad5-9edb-6cb2c7b678d1

Timeline

Publicly Published
2023-10-31 (about 2 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2025-10-06
Title
Sonaar < 4.27.5 - Unauthenticated Stored Cross-Site Scripting
Published
2015-04-20
Title
Broken Link Checker <= 1.10.5 - CSRF/XSS
Published
2024-11-20
Title
Beds24 Online Booking < 2.0.28 - Contributor+ Stored XSS via beds24-link Shortcode
Published
2025-01-27
Title
Philantro – Donations and Donor Management < 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode
Published
2025-06-27
Title
WP Edit <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting