WordPress Category Post List Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47516

7.1HIGH

Key Information:

Vendor: WordPress
Status: Category Post List Widget
Vendor: CVE Published:; 13 November 2023

What is CVE-2023-47516?

The Stark Digital Category Post List Widget is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to stored Cross-Site Scripting (XSS) attacks. This flaw enables an attacker to craft malicious requests that impersonate a legitimate user. As a result, when an unwitting user interacts with the compromised widget, injected scripts may be executed within the context of their account, exposing sensitive data and potentially allowing unauthorized actions. The vulnerability affects versions from n/a through 2.0, emphasizing the need for timely updates and security measures.

Affected Version(s)

Category Post List Widget <= 2.0

References

https://patchstack.com/database/vulnerability/category-po...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2023
Vulnerability Reserved
Nov 6, 2023

Credit

LEE SE HYOUNG (Patchstack Alliance)