WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34032

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bbpress Toolkit
Vendor: CVE Published:; 30 August 2023

What is CVE-2023-34032?

The bbPress Toolkit plugin, created by Pascal Casier, has been identified with a reflected cross-site scripting (XSS) vulnerability affecting versions up to 1.0.12. This security issue allows unauthenticated users to inject malicious scripts into web pages, which can be executed in the browsers of users visiting the affected site. This could potentially lead to unauthorized actions being performed on behalf of the victim or sensitive data exposure. It's essential for users of the plugin to take immediate action by updating to a secure version to mitigate this risk.

Affected Version(s)

bbPress Toolkit <= 1.0.12

References

https://patchstack.com/database/vulnerability/bbp-toolkit...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
May 25, 2023

Credit

thiennv (Patchstack Alliance)