Stored Cross-Site Scripting Vulnerability in eCommerce Product Catalog Plugin for WordPress
CVE-2023-1470
4.8MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 17 March 2023
What is CVE-2023-1470?
The eCommerce Product Catalog plugin for WordPress contains a vulnerability that allows authenticated attackers with administrator-level permissions to execute arbitrary web scripts on user-accessed pages. This issue arises from inadequate input sanitization and output escaping of specific settings parameters. The vulnerability primarily affects multi-site installations and those where unfiltered_html functionality is disabled, posing a risk of malicious script injections.
Affected Version(s)
eCommerce Product Catalog Plugin for WordPress * <= 3.3.8