ByteOS Network

NVD Vulnerability Details :

CVE-2023-2029

Modified

Source-contact@wpscan.com

Published At-10 Jul, 2023 | 16:15

Updated At-07 Nov, 2023 | 04:11

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CPE Matches

enzipe>>prepost_seo>>Versions up to 3.0(inclusive)

cpe:2.3:a:enzipe:prepost_seo:*:*:*:*:*:wordpress:*:*

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/173729/WordPress-PrePost-SEO-3.0-Cross-Site-Scripting.html	contact@wpscan.com	Exploit Third Party Advisory VDB Entry
https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b	contact@wpscan.com	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History