WordPress Albo Pretorio Online Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-28750

7.1HIGH

Key Information:

Vendor: WordPress
Status: Albo Pretorio On Line
Vendor: CVE Published:; 22 June 2023

Summary

The Albo Pretorio On Line plugin for WordPress has a reflected Cross-Site Scripting (XSS) vulnerability that can be exploited by attackers. This flaw allows unauthenticated users to inject malicious scripts into the web pages returned by the application. When users interact with the compromised pages, the injected scripts can execute within their web browsers, potentially stealing sensitive information or altering user experience. Website administrators are urged to update their plugin to the latest version to mitigate this security risk.

Affected Version(s)

Albo Pretorio On line <= 4.6

References

https://patchstack.com/database/vulnerability/albo-pretor...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Mar 22, 2023

Credit

Phd (Patchstack Alliance)