CVE-2023-2578
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD
Description
The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected (1)
Products: Buymeacoffee: Buy Me A Coffee
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.7 |
References (2)
Source: contact@wpscan.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.