The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-27T16:22:00.142Z
Updated: 2024-08-02T07:59:44.715Z
Reserved: 2023-10-12T15:08:01.136Z
Link: CVE-2023-5560
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-27T17:15:08.980
Modified: 2023-11-30T20:19:52.993
Link: CVE-2023-5560
Redhat
No data.