CVE-2023-2579
Description
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-2579
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Proof Of Concept
0xn4d
PoC for CVE-2023-2579
Refrence: GitHub