The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Tue, 11 Feb 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-02-11T21:15:48.838Z
Reserved: 2023-02-16T22:48:42.287Z
Link: CVE-2023-0874

Updated: 2024-08-02T05:24:34.703Z

Status : Modified
Published: 2023-04-10T14:15:08.553
Modified: 2025-02-11T22:15:24.793
Link: CVE-2023-0874

No data.