Stored XSS Vulnerability in WP Roles at Registration
CVE-2023-27609

4.8MEDIUM

Key Information:

Vendor: Nettantra
Status: WP Roles At Registration
Vendor: CVE Published:; 19 November 2024

Summary

A vulnerability exists within the NetTantra WP Roles plugin that permits improper neutralization of user input during web page generation, specifically manifested as a cross-site scripting (XSS) flaw. This issue enables attackers to inject malicious scripts that can be stored and executed in the context of other users' browsers. The impact of this vulnerability can lead to unauthorized data access, session hijacking, and a significant compromise of site and user integrity, affecting all installations from an earlier version up to 0.23.

Affected Version(s)

WP Roles at Registration <= 0.23

References

https://patchstack.com/database/vulnerability/wp-roles-at...

vdb-entry

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Mar 5, 2023

Credit

Pavak Tiwari (Patchstack Alliance)