Stored Cross-Site Scripting in Short URL Plugin for WordPress
CVE-2023-1602
4.4MEDIUM
Summary
The Short URL plugin for WordPress is susceptible to stored Cross-Site Scripting due to inadequate input sanitization and output escaping in versions prior to 1.6.4. This vulnerability allows authenticated attackers with administrator rights to inject malicious scripts into pages. When other users access these compromised pages, the injected scripts execute, potentially leading to unauthorized actions or data leaks.
Affected Version(s)
Short URL 1.6.4
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Etan Imanol Castro Aldrete