CVE-2023-5653
N/A
N/A
Summary
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WassUp Real Time Analytics | 0 <= 1.9.4.5 | affected |
Weaknesses
- CWE-79 Cross-Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.