CVE-2023-47673
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-47673 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.784 and below of the Stefano Ottolenghi Post Pay Counter plugin. An attacker can inject malicious scripts into a website using this flaw, potentially stealing user data or taking control of their sessions. This issue poses a serious risk, as it requires no user authentication for exploitation. Website administrators using the affected plugin version are advised to apply the latest patch or upgrade to a secure version as soon as possible to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.