CVE-2023-27609

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 19, 2024

Updated: Nov 25, 2024

CWE ID 79

Summary

CVE-2023-27609 is a Cross-site Scripting (XSS) vulnerability affecting the NetTantra WP Roles at Registration plugin. The flaw, which allows Stored XSS attacks, is caused by improper neutralization of user input during web page generation. This vulnerability can be exploited to inject malicious scripts into a victim's web browser, potentially leading to session hijacking, data theft, or other unintended actions. The issue affects all versions of the plugin from n/a through 0.23. Users are advised to apply the necessary patches or updates as soon as possible to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/qSD6IG
https://www.cve.org/CVERecord?id=CVE-2023-27609
https://nvd.nist.gov/vuln/detail/CVE-2023-27609

Back to Vulnerability Database

CVE-2023-27609

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations