CVE-2023-4035

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-4035 is a stored cross-site scripting (XSS) vulnerability affecting the Simple Blog Card WordPress plugin before version 1.31. This issue allows users with the contributor role and above to inject malicious scripts into a page or post where the affected shortcode is embedded. The plugin fails to validate and escape some shortcode attributes, enabling attackers to execute scripts in the context of other users. This could lead to unauthorized access, data theft, or defacement of websites using the vulnerable plugin. Users are advised to update to the latest version of the plugin to mitigate this threat.
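For sites that ran a vulnerable version, one way to check already-saved content is to look for shortcode attribute values that carry markup characters or script-bearing URLs. The following is an added example, not code from the plugin or from this advisory; the shortcode tag `example_card`, the function names, and the post content are constructed assumptions, so substitute the tag the plugin registers on your site.

```python
import re

# Hypothetical shortcode tag (assumption); replace with the tag registered on your site.
SHORTCODE_TAG = "example_card"

# Patterns that should never appear in a plain attribute value and that would
# need escaping before the value is written into HTML.
SUSPICIOUS = re.compile(r"""[<>"'`]|javascript\s*:|\bon\w+\s*=""", re.IGNORECASE)

# name="value" or name='value' pairs, as shortcode attributes are written.
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def find_suspicious_attributes(post_id, content, tag=SHORTCODE_TAG):
    """Return (post_id, attribute, value) for each attribute worth reviewing."""
    findings = []
    shortcode = re.compile(r"\[" + re.escape(tag) + r"\b([^\]]*)\]")
    for match in shortcode.finditer(content):
        for name, double_quoted, single_quoted in ATTR.findall(match.group(1)):
            value = double_quoted or single_quoted
            if SUSPICIOUS.search(value):
                findings.append((post_id, name, value))
    return findings


def scan_posts(posts):
    """Scan a mapping of post id -> post content (e.g. from a database export)."""
    findings = []
    for post_id, content in posts.items():
        findings.extend(find_suspicious_attributes(post_id, content))
    return findings


# Constructed sample content, standing in for exported post bodies.
POSTS = {
    101: 'Intro [example_card url="https://example.org/post"] outro',
    102: """Draft [example_card url="https://example.org/a" title='"><b>test</b>'] end""",
    103: '[example_card url="javascript:void(0)"]',
}

if __name__ == "__main__":
    for post_id, name, value in scan_posts(POSTS):
        print(f"post {post_id}: attribute {name!r} has suspicious value {value!r}")
```

Hits are review candidates rather than confirmed payloads, and posts authored by contributor-level accounts are the ones to check first, since that is the lowest role the advisory names.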


Affected Products

  • Invisible-island Xterm

Affected Vendors

  • Invisible-island