CVE-2023-50905

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 29, 2024

CWE ID 79

Summary

CVE-2023-50905 is a Cross-site Scripting (XSS) vulnerability affecting WP Activity Log, a WordPress plugin. The issue arises from improper neutralization of user input during web page generation. An attacker can exploit this flaw to inject malicious scripts into a targeted website, potentially stealing user data or taking control of user sessions. The vulnerability exists in versions of WP Activity Log from n/a through 4.6.1. Users are strongly advised to update their plugins to the latest patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t0N_Yh
https://www.cve.org/CVERecord?id=CVE-2023-50905
https://nvd.nist.gov/vuln/detail/CVE-2023-50905

Back to Vulnerability Database

CVE-2023-50905

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations