CVE-2023-6807
The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 36,179 live websites that are affected by CVE-2023-6807.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 36,179 live websites (37.88% of GeneratePress Premium install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 60 versions ( 89.55% of all versions) |
Details
- Published - Feb 5, 2024
- Updated - Aug 2, 2024
Credits
- Francesco Carlucci (finder)
CVE References
CVE-2023-6807 usage by Country
 United States | 15,634 websites |
 Germany | 4,178 websites |
 France | 2,587 websites |
 Denmark | 1,662 websites |
 Spain | 1,537 websites |
 GB | 1,121 websites |
 Netherlands | 922 websites |
 Cyprus | 889 websites |
 Poland | 769 websites |
 Italy | 500 websites |
CVE-2023-6807 usage by TLD
| .com | 16,368 websites |
| .de | 2,292 websites |
| .org | 1,664 websites |
| .dk | 1,474 websites |
| .es | 1,088 websites |
| .net | 1,085 websites |
| .nl | 973 websites |
| .fr | 833 websites |
| .co.uk | 830 websites |
| .pl | 821 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6807
Top websites that are affected by CVE-2023-6807. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *,*** | |
| ****************.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| *******.es | Spain | *,*** | |
| **********.com | United States | *,*** | |
| ***********.net | United States | **,*** | |
| **************.com | United States | **,*** | |
| *******************.ro |  Romania | **,*** | |
| ******************.com | United States | **,*** | |
| *************.com | United States | **,*** |
FAQ
A total of 36,179 websites have been identified as vulnerable to CVE-2023-6807, discovered through global website indexing conducted by WebTechSurvey.
GeneratePress Premium is susceptible to CVE-2023-6807 vulnerability.
GeneratePress Premium versions before, and including, 2.3.2 are vulnerable to CVE-2023-6807.