CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19.
Explanation of Vulnerability in Simple Terms
Theater for WordPress versions 0.19 and earlier contain a cross-site scripting (XSS) vulnerability. An authenticated user can inject malicious scripts that execute in other users' browsers when they interact with affected content. The vulnerability requires user interaction and can affect multiple users across the site. Update to a version newer than 0.19.
What an attacker can do
Inject malicious scripts that run in other users' browsers, potentially stealing session tokens or performing actions on their behalf.
Potential impact on your site
Authenticated users can compromise other users' accounts or sessions. Site reputation and user trust may be damaged if exploited.
Conditions required to exploit
Attacker must have a WordPress user account (low privilege level). Victim must click a link or visit a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities
