CVE-2023-4476

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 25, 2023
Updated: Nov 7, 2023
CWE ID 79

Summary

CVE-2023-4476 is a vulnerability in the Locatoraid Store Locator WordPress plugin before version 3.9.24. It has been categorized as a Reflected Cross-Site Scripting (XSS) issue, which can be exploited against high privilege users such as admin. The vulnerability occurs due to the plugin's failure to sanitize and escape the lpr-search parameter before displaying it on the page. Multiple products are affected by this vulnerability, including jNTpcG, jOJ-lv, jNTpcH, and many others. To remediate this vulnerability, it is recommended to update the Locatoraid Store Locator plugin to version 3.9.24 or higher. This vulnerability poses a medium-severity risk with a CVSS base score of 6.1 and can potentially lead to unauthorized access and manipulation of data on affected websites.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4476 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options