The Weaver Xtreme Theme for WordPress is vulnerable to...
Moderate severity
Unreviewed
Published
Jun 9, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 9, 2023
Published to the GitHub Advisory Database
Jun 9, 2023
Last updated
Apr 4, 2024
The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References