Vulnerabilities > CVE-2023-1166 - Unspecified vulnerability in Ultimatelysocial USM Premium
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |