CVE-2023-5200

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 20, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-5200 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the flowpaper plugin for WordPress. This issue allows authenticated attackers with contributor-level access and above to inject malicious scripts via the 'flipbook' shortcode in versions up to 2.0.3. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes, enabling attackers to execute arbitrary web scripts. As a result, pages containing injected code will run the scripts each time a user accesses them.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Flowpaper

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/suRnjc
https://www.cve.org/CVERecord?id=CVE-2023-5200
https://nvd.nist.gov/vuln/detail/CVE-2023-5200

Back to Vulnerability Database

CVE-2023-5200

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations