Stored Cross-Site Scripting Vulnerability in Bitly Plugin for WordPress
CVE-2023-5577
6.4MEDIUM
What is CVE-2023-5577?
The Bitly plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability via the 'wpbitly' shortcode. This affects all versions up to and including 2.7.1, allowing authenticated attackers with contributor-level permissions or higher to inject malicious scripts. Due to insufficient input sanitization and output escaping on user-supplied attributes, when users access affected pages, arbitrary web scripts could execute, potentially leading to session hijacking and data theft.
Affected Version(s)
Bitly's WordPress Plugin 0 <= 2.7.1