CVE-2023-46626

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 8, 2023

Updated: Nov 14, 2023

CWE ID 79

Summary

CVE-2023-46626 is an unauthorized Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.1.7 and below of the FLOWFACT WP Connector plugin. An attacker can exploit this issue by injecting malicious scripts into a webpage viewed by other users, potentially gaining access to sensitive information or taking control of their sessions. This can lead to data theft or unauthorized actions within the affected application. Users are strongly encouraged to update their plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwVGg
https://www.cve.org/CVERecord?id=CVE-2023-46626
https://nvd.nist.gov/vuln/detail/CVE-2023-46626

Back to Vulnerability Database

CVE-2023-46626

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations