CVE-2023-6806

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2023-6806 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Starbox plugin for WordPress. This issue, present in all versions up to 3.4.8, allows authenticated attackers with subscriber-level access and above to inject malicious scripts into user profile fields within the Job Settings. As a result, the injected scripts will be executed whenever a user accesses an affected page, potentially leading to unintended actions or information disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ty9O8b
https://www.cve.org/CVERecord?id=CVE-2023-6806
https://nvd.nist.gov/vuln/detail/CVE-2023-6806

Back to Vulnerability Database

CVE-2023-6806

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations