The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Wed, 09 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: WPScan
Published: 2023-08-14T19:10:23.250Z
Updated: 2024-10-09T15:42:57.757Z
Reserved: 2023-05-09T15:44:27.706Z
Link: CVE-2023-2606

Updated: 2024-08-02T06:26:09.823Z

Status : Modified
Published: 2023-08-14T20:15:11.080
Modified: 2024-11-21T07:58:55.210
Link: CVE-2023-2606

No data.