CVE-2023-2337
05.06.2023, 14:15
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminEnginsight
| Vendor | Product | Version |
|---|---|---|
| convertkit | convertkit_-_email_marketing\,_email_newsletter_and_landing_pages | 𝑥 < 2.2.1 |
𝑥
= Vulnerable software versions