CVE-2023-1839

CVSS V2 None CVSS V3 None
Description
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Overview
  • CVE ID
  • CVE-2023-1839
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Awaiting Analysis
  • Published Version
  • 2023-05-15T13:15:10
  • Last Modified Date
  • 2023-05-15T13:26:09
History
Created Old Value New Value Data Type Notes
2023-05-15 14:03:01 Added to TrackCVE
2023-05-15 14:03:03 Weakness Enumeration new