Reflected XSS Vulnerability in Front End Users
CVE-2023-33322

7.1HIGH

Key Information:

Vendor

WordPress
Status
Front End Users
Vendor
CVE Published:
26 March 2024

What is CVE-2023-33322?

An improper neutralization of input during web page generation results in a Cross-site Scripting (XSS) vulnerability in the Etoile Web Design Front End Users Plugin. This issue allows attackers to inject malicious scripts, potentially compromising user data and interacting with users' sessions. The vulnerability affects versions of the plugin before 3.2.25, highlighting the importance of ensuring input validation to mitigate such security risks.

Affected Version(s)

Front End Users < 3.2.25

References

https://patchstack.com/database/vulnerability/front-end-o...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

thiennv (Patchstack Alliance)
.