WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-35043

7.1 HIGH

Key Information:

Vendor: WordPress

CVE Published: 25 July 2023

What is CVE-2023-35043?

An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Recent Posts Slider plugin developed by Neha Goel, affecting versions up to and including 1.1. Attackers can exploit this issue to inject malicious scripts into the application, which are then executed in the context of a user's browser. This can lead to unauthorized actions, data theft, or the delivery of malware. Users running versions less than or equal to 1.1 are encouraged to update their plugins to mitigate potential security risks.

Affected Version(s)

Recent Posts Slider <= 1.1

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LEE SE HYOUNG (Patchstack Alliance)