CVE-2023-5050

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 20, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-5050 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Leaflet Map plugin for WordPress. The issue lies in the plugin's shortcodes, which lack sufficient input sanitization and output escaping, allowing authenticated attackers with contributor level and above permissions to inject malicious web scripts. These scripts will execute whenever a user accesses an injected page, posing a significant security risk. Versions up to and including 3.3.0 are vulnerable to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/snxJ-r
https://www.cve.org/CVERecord?id=CVE-2023-5050
https://nvd.nist.gov/vuln/detail/CVE-2023-5050

Back to Vulnerability Database

CVE-2023-5050

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations