Reflected XSS Vulnerability in Front End Users
CVE-2023-33322

7.1HIGH

Key Information:

Vendor: WordPress
Status: Front End Users
Vendor: CVE Published:; 26 March 2024

Summary

An improper neutralization of input during web page generation results in a Cross-site Scripting (XSS) vulnerability in the Etoile Web Design Front End Users Plugin. This issue allows attackers to inject malicious scripts, potentially compromising user data and interacting with users' sessions. The vulnerability affects versions of the plugin before 3.2.25, highlighting the importance of ensuring input validation to mitigate such security risks.

Affected Version(s)

Front End Users < 3.2.25

References

https://patchstack.com/database/vulnerability/front-end-o...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
May 22, 2023

Credit

thiennv (Patchstack Alliance)