CVE-2023-4919

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 20, 2023

Updated: Nov 7, 2023

CWE ID 552

Summary

CVE-2023-4919 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the iframe plugin for WordPress. This issue, present in versions up to 4.6, allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages via the `iframe` shortcode. The vulnerability arises from insufficient input sanitization and output escaping. The vulnerability was only partially patched in version 4.6, with a full patch being implemented in version 4.7.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/th5mDZ
https://www.cve.org/CVERecord?id=CVE-2023-4919
https://nvd.nist.gov/vuln/detail/CVE-2023-4919

Back to Vulnerability Database

CVE-2023-4919

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations