WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-39164
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 4 September 2023
What is CVE-2023-39164?
The Molongui Author Box plugin for WordPress contains an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability. This issue allows attackers to inject arbitrary JavaScript code into web pages viewed by other users. Affected versions include all prior to 4.6.19. It's crucial for site administrators using this plugin to update to the latest version to mitigate the risk of this vulnerability and ensure the security of their sites.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors β Molongui <= 4.6.19
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Credit
LEE SE HYOUNG (Patchstack Alliance)