CVE-2023-0081


MonsterInsights < 8.12.1 - Contributor+ Stored XSS

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.



We have discovered 234,074 live websites that are affected by CVE-2023-0081.





Affected Software

Product  MonsterInsights
Category Analytics
Vulnerable Versions
  • from 0 before 8.12.1
Total Vulnerable Versions  145
Vulnerable Domains  234,074 live websites (26.01% of MonsterInsights install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Feb 6, 2023

Credits

  • Lana Codes (finder)
  • WPScan (coordinator)





Countries

United States  69,718 websites
Japan  15,115 websites
France  13,342 websites
GB  12,043 websites
Germany  11,744 websites
Italy  10,644 websites
Poland  9,100 websites
Netherlands  8,487 websites
Spain  7,368 websites
Canada  5,908 websites

TLDs

.com  108,403 websites
.org  9,857 websites
.pl  7,134 websites
.co.uk  6,954 websites
.it  6,921 websites
.nl  6,811 websites
.net  6,165 websites
.de  5,738 websites
.fr  5,292 websites
.com.br  4,679 websites



Websites affected by CVE-2023-0081

Top websites that are affected by CVE-2023-0081.