The User Submitted Posts plugin for WordPress is... · CVE-2023-4308 · GitHub Advisory Database · GitHub

The User Submitted Posts plugin for WordPress is...

Moderate severity Unreviewed Published Aug 21, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

Published by the National Vulnerability Database

Aug 15, 2023

Published to the GitHub Advisory Database Aug 21, 2023

Last updated Apr 4, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N