WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-46072

7.1HIGH

Key Information:

Vendor: WordPress
Status: Add Shortcodes Actions And Filters
Vendor: CVE Published:; 26 October 2023

What is CVE-2023-46072?

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Add Shortcodes Actions And Filters plugin by Michael Simpson, affecting versions 2.0.9 and earlier. This flaw allows attackers to inject malicious scripts into web pages, potentially compromising user interactions and data when exploited. Users of this plugin are urged to update to a secure version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Add Shortcodes Actions And Filters <= 2.0.9

References

https://patchstack.com/database/vulnerability/add-actions...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Oct 16, 2023

Credit

Le Ngoc Anh (Patchstack Alliance)