← voltar
CVE-2023-4798

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

EPSS 0.4%
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Produtos afetados
Unknown · User Avatar

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42