CVE-2023-28779

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 10, 2023
Updated: Aug 15, 2023
CWE ID 79

Summary

CVE-2023-28779 is a newly discovered cross-site scripting (XSS) vulnerability affecting the Vladimir Statsenko Terms descriptions plugin versions 3.4.4 and below. An attacker can exploit this unauthenticated XSS weakness to inject malicious scripts into a targeted website, potentially stealing user data or gaining unauthorized access. Websites using the affected plugin should be updated to the latest version immediately to mitigate this risk. Failure to do so may lead to data breaches and other security consequences.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share