CVE-2023-47673

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 14, 2023
Updated: Feb 6, 2024
CWE ID 79

Summary

CVE-2023-47673 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.784 and below of the Stefano Ottolenghi Post Pay Counter plugin. An attacker can inject malicious scripts into a website using this flaw, potentially stealing user data or taking control of their sessions. This issue poses a serious risk, as it requires no user authentication for exploitation. Website administrators using the affected plugin version are advised to apply the latest patch or upgrade to a secure version as soon as possible to mitigate the threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share