WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47876

7.1HIGH

Key Information:

Vendor: WordPress
Status: Perfmatters
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-47876?

The Perfmatters plugin by WebShine is susceptible to a reflected Cross-site Scripting (XSS) vulnerability, which allows attackers to inject malicious scripts into web pages viewed by users. This flaw occurs due to improper handling of user input during the web page generation process. Attackers can exploit this weakness by crafting harmful links that, when clicked by an unsuspecting user, execute arbitrary JavaScript in their browser context. Affected versions include all versions from n/a through 2.1.6. It is crucial for website administrators to review and update their installations to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Perfmatters <= 2.1.6

References

https://patchstack.com/database/vulnerability/perfmatters...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Nov 13, 2023

Credit

Dave Jong (Patchstack)