CVSS 3.1 Score 4.4 of 10 (medium)


Published Oct 14, 2023
Updated: Nov 7, 2023


The vulnerability with the CVE ID CVE-2023-1259 affects the Hotjar plugin for WordPress in versions up to and including 1.0.15. It is a Stored Cross-Site Scripting vulnerability that occurs due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts on pages, which will execute when a user accesses those pages. This vulnerability specifically affects multi-site installations and installations where unfiltered_html has been disabled. To remediate this vulnerability, users should update their Hotjar plugin to a version that addresses this issue. The potential danger posed by this vulnerability is that it can be exploited by attackers to execute malicious scripts on vulnerable websites, potentially compromising user data or spreading malware.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-1259 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options