Stored Cross-Site Scripting Vulnerability in Copy Anything to Clipboard Plugin for WordPress
CVE-2023-5086
6.4MEDIUM
Summary
The Copy Anything to Clipboard plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability that arises from insufficient input sanitization and output escaping on user-supplied data via the 'copy' shortcode. When this vulnerability is exploited by authenticated users with contributor-level access or higher, they can inject malicious web scripts into pages. These scripts will execute whenever other users access the affected pages, potentially compromising user data and session integrity.
Affected Version(s)
Copy Anything to Clipboard * <= 2.6.4
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lana Codes