CVE-2023-1839

MEDIUM Year: 2023
CVSS v3 Score
4.8
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

Related Vulnerabilities

CVE-2016-5541

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Di...

NVD-CWE-Other2016

CVE-2017-10063

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Diff...

NVD-CWE-Other2017

CVE-2017-10149

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2...

NVD-CWE-Other2017

CVE-2017-10161

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). Supported versions that are affected are 6.1.3.0 and 6.2....

NVD-CWE-Other2017

CVE-2017-10386

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploi...

NVD-CWE-Other2017

CVE-2018-2599

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embed...

NVD-CWE-Other2018