CVE-2023-40663

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 79

Summary

CVE-2023-40663 is a newly identified Cross-Site Scripting (XSS) vulnerability affecting version 8.3.4 of the Rextheme WP VR plugin for WordPress. An attacker can inject malicious scripts into a webpage viewed by other users, leading to unauthorized code execution and potential data theft or website defacement. Users are advised to update their plugin to the latest version or consider using alternative, secure solutions to protect their WordPress sites from this unauthenticated XSS threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sY1vAt
https://www.cve.org/CVERecord?id=CVE-2023-40663
https://nvd.nist.gov/vuln/detail/CVE-2023-40663

Back to Vulnerability Database

CVE-2023-40663

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations