Vulnerability CVE-2023-0421
Published: 2023-05-08

Description:
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c
Copyright 2026, cxsecurity.com

 

Back to Top