The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Configurations
History
21 Nov 2024, 08:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.4 |
References | () https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2845 - Patch | |
References | () https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2856 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/24486605-9324-4f19-9ca3-340d006432db?source=cve - Third Party Advisory |
09 Jun 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:azexo:page_builder_with_image_map_by_azexo:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2845 - Patch | |
References | (MISC) https://plugins.trac.wordpress.org/browser/page-builder-by-azexo/trunk/azexo_html.php#L2856 - Patch | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/24486605-9324-4f19-9ca3-340d006432db?source=cve - Third Party Advisory |
03 Jun 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-03 00:15
Updated : 2024-11-21 08:16
NVD link : CVE-2023-3051
Mitre link : CVE-2023-3051
CVE.ORG link : CVE-2023-3051
JSON object : View
Products Affected
azexo
- page_builder_with_image_map_by_azexo
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')