CVE-2023-6684

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 11, 2024

Updated: Jan 17, 2024

CWE ID 79

Summary

CVE-2023-6684 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Ibtana WordPress Website Builder plugin. This issue, present in versions up to 1.2.2, allows authenticated attackers with contributor level or above permissions to inject malicious scripts. The vulnerability is due to insufficient sanitization and output escaping on 'width' and 'height' user-supplied attributes in the 'ive' shortcode. Successful exploitation enables attackers to execute arbitrary web scripts, which are triggered whenever a user visits an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/txOtlA
https://www.cve.org/CVERecord?id=CVE-2023-6684
https://nvd.nist.gov/vuln/detail/CVE-2023-6684

Back to Vulnerability Database

CVE-2023-6684

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations