CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4779

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.4%

CVSS Severity

CVSS v3 Score 6.4

References

Products affected by CVE-2023-4779

Plugin-Planet » User Submitted Posts » Version: N/A

cpe:2.3:a:plugin-planet:user_submitted_posts:-
Plugin-Planet » User Submitted Posts » Version: 20160215

cpe:2.3:a:plugin-planet:user_submitted_posts:20160215
Plugin-Planet » User Submitted Posts » Version: 20171101

cpe:2.3:a:plugin-planet:user_submitted_posts:20171101
Plugin-Planet » User Submitted Posts » Version: 20171103

cpe:2.3:a:plugin-planet:user_submitted_posts:20171103
Plugin-Planet » User Submitted Posts » Version: 20171104

cpe:2.3:a:plugin-planet:user_submitted_posts:20171104
Plugin-Planet » User Submitted Posts » Version: 20171105

cpe:2.3:a:plugin-planet:user_submitted_posts:20171105
Plugin-Planet » User Submitted Posts » Version: 20180314

cpe:2.3:a:plugin-planet:user_submitted_posts:20180314
Plugin-Planet » User Submitted Posts » Version: 20180319

cpe:2.3:a:plugin-planet:user_submitted_posts:20180319
Plugin-Planet » User Submitted Posts » Version: 20180323

cpe:2.3:a:plugin-planet:user_submitted_posts:20180323
Plugin-Planet » User Submitted Posts » Version: 20180511

cpe:2.3:a:plugin-planet:user_submitted_posts:20180511
Plugin-Planet » User Submitted Posts » Version: 20180822

cpe:2.3:a:plugin-planet:user_submitted_posts:20180822
Plugin-Planet » User Submitted Posts » Version: 20181117

cpe:2.3:a:plugin-planet:user_submitted_posts:20181117
Plugin-Planet » User Submitted Posts » Version: 20190220

cpe:2.3:a:plugin-planet:user_submitted_posts:20190220
Plugin-Planet » User Submitted Posts » Version: 20190312

cpe:2.3:a:plugin-planet:user_submitted_posts:20190312
Plugin-Planet » User Submitted Posts » Version: 20190426

cpe:2.3:a:plugin-planet:user_submitted_posts:20190426
Plugin-Planet » User Submitted Posts » Version: 20190501

cpe:2.3:a:plugin-planet:user_submitted_posts:20190501
Plugin-Planet » User Submitted Posts » Version: 20190502

cpe:2.3:a:plugin-planet:user_submitted_posts:20190502
Plugin-Planet » User Submitted Posts » Version: 20190902

cpe:2.3:a:plugin-planet:user_submitted_posts:20190902
Plugin-Planet » User Submitted Posts » Version: 20230809

cpe:2.3:a:plugin-planet:user_submitted_posts:20230809
Plugin-Planet » User Submitted Posts » Version: 20230811

cpe:2.3:a:plugin-planet:user_submitted_posts:20230811

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4779

Products

Pricing

Contact Us