March 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Corporate Iftar Dinner 2023
April 6, 2023Rewterz Threat Advisory – CVE-2023-29017 – Node.js vm2 module Vulnerability
April 7, 2023Rewterz Corporate Iftar Dinner 2023
April 6, 2023Rewterz Threat Advisory – CVE-2023-29017 – Node.js vm2 module Vulnerability
April 7, 2023
Severity
Medium
Analysis Summary
CVE-2023-23685 CVSS:6.5
WordPress Portfolio Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23681 CVSS:6.5
Image Hover Effects For WPBakery Page Builder Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23686 CVSS:6.5
Simple Staff List Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23821 CVSS:5.9
Interactive Polish Map Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23870 CVSS:5.9
Responsive Vertical Icon Menu Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23978 CVSS:5.9
WP Google Map Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-23977 CVSS:6.5
Team Heateor WordPress Social Comments Plugin for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-23685
- CVE-2023-23681
- CVE-2023-23686
- CVE-2023-23821
- CVE-2023-23870
- CVE-2023-23978
- CVE-2023-23977
Affected Vendors
WordPress
Affected Products
- WordPress Portfolio Plugin for WordPress 2.8.10
- WordPress Image Hover Effects For WPBakery Page Builder Plugin for WordPress 4.0
- WordPress Simple Staff List Plugin for WordPress 2.2.2
- WordPress Interactive Polish Map Plugin for WordPress 1.2
- WordPress Responsive Vertical Icon Menu Plugin for WordPress 1.5.8
- WordPress WordPress Plugin for Google Maps 4.3.9
- Team Heateor WordPress Social Comments Plugin for WordPress 1.6.1
Remediation
Upgrade to the latest version of WordPress Plugins, available from the WordPress Plugin Directory.