CVE-2023-34372 – WordPress Download SpamReferrerBlock Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-34372

02 Jun 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en el plugin SpamReferrerBlock de Didier Sampaolo que afecta a las versiones 2.22 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Download SpamReferrerBlock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version... • https://patchstack.com/database/vulnerability/spamreferrerblock/wordpress-spamreferrerblock-plugin-2-22-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •