cve/CVE-2023-4823.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting.

POC

Reference

https://wpscan.com/vulnerability/84f53e27-d8d2-4fa3-91f9-447037508d30

Github

No PoCs found on GitHub currently.

909 B Raw Blame History

CVE-2023-4823

Description

POC

Reference

Github

909 B

Raw Blame History