CVE-2023-49813
CVSS 3.1 Score 6.1 of 10 (medium)
Attack Complexity low
Scope changed
Confidentiality low
Integrity low
Availability none
Privileges Required none
Details
Published Dec 14, 2023
Updated: Dec 18, 2023
CWE ID 79
Summary
CVE-2023-49813 is a Cross-site Scripting (XSS) vulnerability affecting WP Photo Album Plus. The issue, which permits Stored XSS attacks, stems from improper neutralization of user input during web page generation. This flaw can be exploited by attackers to inject malicious scripts into a targeted website, potentially leading to unauthorized access, data theft, or even system compromise. Affected versions of WP Photo Album Plus span from n/a through 8.5.02.005. It is highly recommended that users upgrade to the latest, secure version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share