mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
32 lines
952 B
JSON
32 lines
952 B
JSON
|
{
|
||
|
|
"id": "CVE-2023-2113",
|
||
|
|
"sourceIdentifier": "contact@wpscan.com",
|
||
|
|
"published": "2023-05-30T08:15:09.900",
|
||
|
|
"lastModified": "2023-05-30T08:15:09.900",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "contact@wpscan.com",
|
||
|
|
"type": "Primary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-79"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://wpscan.com/vulnerability/ddb4c95d-bbee-4095-aed6-25f6b8e63011",
|
||
|
|
"source": "contact@wpscan.com"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|