CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.6%

CVSS Severity

CVSS v3 Score 4.8

References

https://wpscan.com/vulnerability/8886ec5f-8465-448f-adbd-68a3e84c5dec
https://wpscan.com/vulnerability/8886ec5f-8465-448f-adbd-68a3e84c5dec

Products affected by CVE-2023-2254

Ko-Fi » Ko-Fi Button » Version: Any

cpe:2.3:a:ko-fi:ko-fi_button:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2254

Products

Pricing

Contact Us