← volver
CVE-2023-4798

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

EPSS 0.4%
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Productos afectados
Unknown · User Avatar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42