Vulnerability CVE-2023-2029


Published: 2023-07-10

Description:
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

See advisories in our WLB2 database:
Topic
Author
Date
Low
WordPress PrePost SEO 3.0 Cross Site Scripting
Taurus Omar
27.07.2023

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b

Copyright 2024, cxsecurity.com

 

Back to Top