The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-08-16T11:03:25.318Z
Updated: 2024-10-08T19:09:40.483Z
Reserved: 2023-04-21T10:41:54.429Z
Link: CVE-2023-2225
Vulnrichment
Updated: 2024-08-02T06:12:20.666Z
NVD
Status : Modified
Published: 2023-08-16T12:15:12.797
Modified: 2024-11-21T07:58:11.483
Link: CVE-2023-2225
Redhat
No data.