The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-20T18:55:02.071Z
Updated: 2024-08-02T07:44:53.415Z
Reserved: 2023-09-14T18:14:03.662Z
Link: CVE-2023-4970
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-20T19:15:09.580
Modified: 2024-11-21T08:36:22.360
Link: CVE-2023-4970
Redhat
No data.