CVE-2023-30482

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 8, 2023

Updated: Aug 10, 2023

CWE ID 79

Summary

CVE-2023-30482 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 1.0.10 and below of the VillaTheme WPBulky plugin for WordPress. An attacker can inject malicious scripts into webpages viewed by other users, potentially stealing sensitive information or taking control of their sessions. This flaw, classified as an Authentication issue, occurs due to insufficient input validation in the plugin's contributor role. Users are urged to update to the latest version or use alternative plugins to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sDcEhm
https://www.cve.org/CVERecord?id=CVE-2023-30482
https://nvd.nist.gov/vuln/detail/CVE-2023-30482

Back to Vulnerability Database

CVE-2023-30482

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations