CVE-2023-2309

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 24, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-2309 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the wpForo Forum WordPress plugin before version 2.1.9. In debug mode, the plugin fails to properly escape certain request parameters, making it possible for attackers to inject malicious scripts into unsuspecting users' browsers. This could potentially result in data theft, unauthorized account access, or other malicious activities. Users are strongly urged to update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gvectors Wpforo Forum

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5HHhh
https://www.cve.org/CVERecord?id=CVE-2023-2309
https://nvd.nist.gov/vuln/detail/CVE-2023-2309

Back to Vulnerability Database

CVE-2023-2309

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations