CVSS 3.1 Score 7.1 of 10 (high)


Published Sep 29, 2023
Updated: Sep 30, 2023


CVE-2023-41691 is a vulnerability categorized as Unauth. Reflected Cross-Site Scripting (XSS) in the Pensopay WooCommerce PensoPay plugin versions up to 6.3.1. This vulnerability has a risk score of 25 and a base severity of HIGH, with an exploitability score of 2.8. The attack vector is through the network and user interaction is required for exploitation. The impact of this vulnerability is low in terms of integrity and confidentiality, and availability is also low. The CVE poses a potential danger to organizations using the affected plugin as it allows unauthorized individuals to inject malicious scripts into web pages, potentially leading to information theft or unauthorized access to sensitive data. Patching or updating the plugin to version 6.3.2 or higher is recommended for remediation. Note: This summary has been compiled based on the provided information without any additional sources or context, strictly presenting facts about the vulnerability described in CVE-2023-41691.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41691 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options