CVE-2023-6446

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 11, 2024

Updated: Jan 16, 2024

CWE ID 79

Summary

CVE-2023-6446 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Calculated Fields Form plugin for WordPress. This issue, present in all versions up to 1.2.40, arises due to insufficient input sanitization and output escaping in the admin settings. Authenticated attackers with administrator-level permissions can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an injected page. This vulnerability poses a threat mainly to multi-site installations and installations where unfiltered_html has been disabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toVrDC
https://www.cve.org/CVERecord?id=CVE-2023-6446
https://nvd.nist.gov/vuln/detail/CVE-2023-6446

Back to Vulnerability Database

CVE-2023-6446

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations