CVE-2023-7084

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
davidjmillervoting_record
𝑥
≤ 2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://magos-securitas.com/txt/CVE-2023-7084.txt
https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/
https://magos-securitas.com/txt/CVE-2023-7084.txt
https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/