cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1469,https://securityvulnerability.io/vulnerability/CVE-2023-1469,Stored Cross-Site Scripting Vulnerability in WP Express Checkout for WordPress,"The WP Express Checkout plugin for WordPress contains a Stored Cross-Site Scripting vulnerability through the 'pec_coupon[code]' parameter. This flaw arises from inadequate input sanitization and output escaping in versions up to and including 2.2.8. Authenticated attackers with administrator-level access can exploit this vulnerability to inject arbitrary web scripts, which will execute when users access the compromised pages. Furthermore, given the right permissions, lower-privileged users may also be able to exploit this vulnerability if the 'Admin Dashboard Access Permission' setting is configured to allow them dashboard access.",Wordpress,WP Express Checkout (Accept PayPal Payments Easily),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-17T13:15:00.000Z,0