CVE-2023-2354
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2023-2354 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the CHP Ads Block Detector plugin for WordPress. The issue, present in versions up to and including 3.9.4, arises from insufficient input sanitization and output escaping of admin settings that are reachable through an AJAX action. Authenticated attackers with subscriber-level permissions or higher can exploit this vulnerability to inject arbitrary web scripts, which execute whenever a user accesses an injected page. Attackers can thereby manipulate content, steal user data, or perform other malicious actions in the context of the affected site. Users should update to the latest version of the plugin or apply alternative security measures to mitigate this risk.
Affected Products
- Apple (iPhone OS)
- MacOS
- iPadOS
Affected Vendors
- Apple