Stored Cross-Site Scripting Vulnerability in Gift Up Gift Cards Plugin for WordPress
CVE-2023-5703

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Gift Up Gift Cards For WordPress And WooCommerce
Vendor: CVE Published:; 7 November 2023

What is CVE-2023-5703?

The Gift Up Gift Cards plugin for WordPress and WooCommerce is susceptible to Stored Cross-Site Scripting (XSS) attacks via the 'giftup' shortcode. This vulnerability arises from inadequate input sanitization and output escaping on user-supplied parameters, enabling authenticated attackers with contributor-level permissions and higher to inject malicious scripts. These scripts could execute on any page viewed by users, posing significant security risks to websites utilizing this plugin. Users are urged to update to the latest version to mitigate potential exploits.

Affected Version(s)

Gift Up Gift Cards for WordPress and WooCommerce * <= 2.20.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/gift-up/tags/2...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Oct 22, 2023

Credit

Lana Codes