Stored Cross-Site Scripting in CPO Companion Plugin for WordPress
CVE-2023-0162
4.8MEDIUM
Summary
The CPO Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting attacks due to inadequate input sanitization and output escaping in its content type settings parameters. This vulnerability allows authenticated users with administrator privileges to inject malicious scripts, which can be executed by unsuspecting users when they access the compromised pages. Attackers can exploit this flaw to manipulate content and gain unauthorized access to sensitive user data.
Affected Version(s)
CPO Companion * <= 1.0.4
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved