CVE-2023-41661: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 29, 2023 (updated October 2, 2023)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.

References

nvd.nist.gov/vuln/detail/CVE-2023-41661
patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve

Code Behaviors & Features

Detect and mitigate CVE-2023-41661 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →