CVE-2023-6987

NVD Published Date: August 24, 2024 at 02:15 AM
NVD Last Modified: August 26, 2024 at 12:47 PM
Vulnerability ID: CVE-2023-6987
Severity: MEDIUM
Severity Score: 6.1
Summary: The String Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploitation requires WP_DEBUG to be enabled.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID: None
