Vulnerability Details CVE-2023-2026
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.7%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2023-2026
-
cpe:2.3:a:image_protector_project:image_protector:-
-
cpe:2.3:a:image_protector_project:image_protector:1.0
-
cpe:2.3:a:image_protector_project:image_protector:1.1