CVE-2023-41691

Summary

CVE-2023-41691 is a vulnerability categorized as Unauth. Reflected Cross-Site Scripting (XSS) in the Pensopay WooCommerce PensoPay plugin versions up to 6.3.1. This vulnerability has a risk score of 25 and a base severity of HIGH, with an exploitability score of 2.8. The attack vector is through the network and user interaction is required for exploitation. The impact of this vulnerability is low in terms of integrity and confidentiality, and availability is also low. The CVE poses a potential danger to organizations using the affected plugin as it allows unauthorized individuals to inject malicious scripts into web pages, potentially leading to information theft or unauthorized access to sensitive data. Patching or updating the plugin to version 6.3.2 or higher is recommended for remediation. Note: This summary has been compiled based on the provided information without any additional sources or context, strictly presenting facts about the vulnerability described in CVE-2023-41691.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.