CVE-2023-50834 MEDIUM

CVE-2023-50834: WordPress WooCommerce Menu Extension Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)

Vendor August Infotech
Product WooCommerce Menu Extension
Weakness CWE-79 · XSS
Published December 21, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2.

Key dates

02Disclosure timeline

December 21, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43309 WordPress WP Telegram Widget and Join Link plugin <= 2.1.27 - Cross Site Scripting (XSS) vulnerability CVE-2022-45831 WordPress Image Hover Effects - Caption Hover with Carousel Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS) CVE-2023-47533 WordPress Countdown and CountUp, WooCommerce Sales Timer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS) CVE-2024-8726 MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting CVE-2022-31059 Discourse Calendar Event names susceptible to Cross-site Scripting