
CVE-2023-47663 – WordPress Foyer plugin <= 1.7.5 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-47663
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection. This issue affects Foyer: from n/a through 1.7.5.

The Foyer – Digital Signage for WordPress plugin for WordPress is vulnerable to unauthorized content injection due to an insufficient capability check on the editing functionality in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with contributor access and above, to publish arbitrary content via slides.

• https://patchstack.com/database/vulnerability/foyer/wordpress-foyer-plugin-1-7-5-content-injection-vulnerability?_s_id=cve
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
• CWE-285: Improper Authorization