CVE-2023-1166: USM Premium < 16.3 - Admin+ Stored XSS

0.0 CVSS

Description

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Classification

CVE ID: CVE-2023-1166

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: Ultimate-Premium-Plugin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 26.39% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://wpscan.com/vulnerability/825eccf9-f351-4a5b-b238-9969141b94fa

Timeline