{"uuid": "e2d61559-4c38-46a4-82dc-233b8f692c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1469", "type": "seen", "source": "https://t.me/cibsecurity/60249", "content": "\u203c CVE-2023-1469 \u203c\n\nThe WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pec_coupon[code]\u2019 parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set for those users to access the dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T15:45:47.000000Z"}