CVE-2023-4022

Published: Sep 11, 2023Modified: Apr 23, 2025

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affected (1)

Products: Wow Company: Herd Effects

Wow Company

1 product

Herd Effects

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wow Company Herd Effects	Before 5.2.3

References (2)

https://wpscan.com/vulnerability/c4ac0b19-58b1-4620-b3b7-fbe6dd6c8dd5

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c4ac0b19-58b1-4620-b3b7-fbe6dd6c8dd5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.