CVE-2023-28692

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 30, 2023
Updated: Sep 1, 2023
CWE ID 79

Summary

CVE-2023-28692 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 2.6.3 and older of the WP Abstracts plugin by Kevon Adonis. Malicious scripts can be injected into admin pages and persist even after user logout, allowing unauthorized access and data theft. An attacker can exploit this issue by crafting malicious input that is stored on the server and subsequently executed when a vulnerable page is loaded, leading to potential privilege escalation and unintended functionality. Website administrators are advised to update to the latest plugin version or to consider implementing additional security measures to mitigate the risk.
