Stored Cross-Site Scripting Vulnerability in Gift Up Gift Cards Plugin for WordPress

CVE-2023-5703

What is CVE-2023-5703?

The Gift Up Gift Cards plugin for WordPress and WooCommerce is susceptible to Stored Cross-Site Scripting (XSS) attacks via the 'giftup' shortcode. This vulnerability arises from inadequate input sanitization and output escaping on user-supplied parameters, enabling authenticated attackers with contributor-level permissions and higher to inject malicious scripts. These scripts could execute on any page viewed by users, posing significant security risks to websites utilizing this plugin. Users are urged to update to the latest version to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References