CVE-2023-0152
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-0152 is a newly disclosed vulnerability affecting the WP Multi Store Locator plugin for WordPress. The issue, present in versions 2.4 and below, allows users with the contributor role and above to carry out stored cross-site scripting (XSS) attacks. The plugin does not validate or properly escape certain shortcode attributes, so an attacker can inject malicious code into pages and posts where the shortcode is embedded. This can lead to unintended functionality, unauthorized access, or data theft. Users are strongly encouraged to update to the latest version of the plugin or consider disabling it until a patch is released.
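The pattern described above, shown next to a hardened handler, as an added example that is not the plugin's code. The shortcode name `example_store_map`, its attributes and both function names are hypothetical; the WordPress functions used are core APIs.

```php
<?php
// Hypothetical shortcode for illustration, NOT WP Multi Store Locator code.
// In a post: [example_store_map height="400" class="wide" title="Our stores"]

// Unsafe pattern: attribute values are concatenated into markup without
// validation or escaping, so whatever a contributor saved in the post is
// stored and later emitted verbatim to every visitor and editor.
function example_store_map_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'height' => '300', 'class' => '', 'title' => '' ),
        $atts,
        'example_store_map'
    );
    return '<div class="' . $atts['class'] . '" style="height:' . $atts['height'] . 'px">'
        . '<h3>' . $atts['title'] . '</h3></div>';
}

// Hardened: validate each attribute against its expected type, then escape
// it for the context it is written into (HTML attribute vs. element text).
function example_store_map_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'height' => '300', 'class' => '', 'title' => '' ),
        $atts,
        'example_store_map'
    );

    // Numeric attribute: force a non-negative integer and clamp the range.
    $height = absint( $atts['height'] );
    if ( $height < 100 || $height > 2000 ) {
        $height = 300;
    }

    // Class list: sanitize token by token and drop anything left empty.
    $tokens  = preg_split( '/\s+/', (string) $atts['class'], -1, PREG_SPLIT_NO_EMPTY );
    $classes = array_filter( array_map( 'sanitize_html_class', $tokens ) );

    return sprintf(
        '<div class="%s" style="height:%dpx"><h3>%s</h3></div>',
        esc_attr( implode( ' ', $classes ) ),
        $height,
        esc_html( $atts['title'] )
    );
}

// Only the hardened callback is registered.
add_shortcode( 'example_store_map', 'example_store_map_hardened' );
```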
Affected Vendors
- WPExperts