CVE-2023-2354

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Aug 31, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-2354 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the CHP Ads Block Detector plugin for WordPress. This issue, present in versions up to and including 3.9.4, arises due to insufficient input sanitization and output escaping in admin settings, accessible through an AJAX action. Authenticated attackers with subscriber-level permissions or higher can exploit this vulnerability to inject arbitrary web scripts, which will execute whenever a user accesses an injected page. Consequently, attackers can manipulate content, steal user data, or perform other malicious actions. It is crucial for users to update to the latest version of the plugin or consider alternative security measures to mitigate this risk.

Affected Products

  • Apple (iPhone OS)
  • MacOS
  • iPadOS

Affected Vendors

  • Apple