CVE-2023-23728 - WP Flipclock <= 1.7.4 Contributor+ Cross Site Scripting

less than 1 minute read

Researcher

This vulnerability was discovered by @yuyudhn.

Description

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WP Flipclock Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.8.

Details

Detail about software affected by CVE-2023-23728.

Parameter	Description
Software	WP Flipclock
Type	WordPress Plugin
Developer	Winwar Media
Plugin URL	https://wordpress.org/plugins/wp-flipclock/
Vulnerable Version	<= 1.7.4
Classification	Cross Site Scripting (XSS)
Required privilege	Contributor
Publicly disclosed	20.01.2023

Proof of Concept

Not published yet.

References

CVE-2023-23728 - Patchstack
https://www.cve.org/CVERecord?id=CVE-2023-23728

Share on

Twitter Facebook LinkedIn

Yudha P.