CVE-2023-37388

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 10, 2023
Updated: Aug 15, 2023
CWE ID 79

Summary

CVE-2023-37388 represents a stored Cross-Site Scripting (XSS) vulnerability affecting version 2.0 of the Sudipto Pratap Mahato Simple Light Weight Social Share plugin. This issue enables an attacker, with administrative privileges, to inject malicious code into the plugin's input fields. The exploitation of this flaw can lead to unauthorized script execution on the affected website, potentially resulting in data theft, session hijacking, or other forms of unintended access. To mitigate this risk, users are advised to upgrade to the latest version or patch of the plugin, as soon as it becomes available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share