What the vulnerability does
01Description
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.
CVE-2023-24393
MEDIUM
CVE-2023-24393: WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Key dates
02Disclosure timeline
August 10, 2023
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-51404 WordPress My Agile Privacy Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2026-34557 CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CVE-2026-34429 Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename
CVE-2025-11868 everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2022-0704 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
