CVE-2023-6626

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 22, 2024

Updated: Jan 26, 2024

CWE ID 79

Summary

CVE-2023-6626 is a vulnerability affecting the Product Enquiry plugin for WooCommerce on WordPress. Before version 3.1, the plugin fails to sanitise and escape certain settings, creating an opportunity for Stored Cross-Site Scripting (XSS) attacks. High privilege users, including administrators, can exploit this issue even when the unfiltered_html capability is disabled, particularly in multisite configurations. Successful attacks could lead to unauthorized script execution within the WordPress environment.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tvN4um
https://www.cve.org/CVERecord?id=CVE-2023-6626
https://nvd.nist.gov/vuln/detail/CVE-2023-6626

Back to Vulnerability Database

CVE-2023-6626

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations