VDB

CVE-2023-5357

CVE-2023-5357 PUBLISHED CVSS 6.400000095367432 MEDIUM

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS 3.1
6.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS Score
0.10%
27.6th percentile

Affected Products

VendorProductVersions
ink361instagram_for_wordpress0, 0, 0
esemonoInstagram for WordPress0, 0, 0

Exploit Intelligence

Timeline

  • Oct 4, 2023 EPSS Score
  • Oct 4, 2023 CVE Published
  • Nov 5, 2023 EPSS Score
  • Dec 6, 2023 EPSS Score
  • Jan 7, 2024 EPSS Score
  • Feb 8, 2024 EPSS Score
  • Mar 10, 2024 EPSS Score
  • Apr 11, 2024 EPSS Score
  • May 13, 2024 EPSS Score
  • Jun 13, 2024 EPSS Score
  • Jul 15, 2024 EPSS Score
  • Aug 16, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›