CVE-2023-0937

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-0937
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0937.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-0937
Published
2023-03-20T16:15:12.873Z
Modified
2026-04-10T04:55:37.778338Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER['REQUESTURI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

References

Affected packages

Git / github.com/vektor-inc/vk-all-in-one-expansion-unit

Affected ranges

Type
GIT
Repo
https://github.com/vektor-inc/vk-all-in-one-expansion-unit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a8e1f504aa4282d77636908cbe013e50bb72c87e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.87.1.0"
        }
    ]
}

Affected versions

0.*
0.0.0
0.0.0.1
0.0.0.2
0.0.0.3
0.1.2.0
0.1.3.1
0.1.4.0
0.1.5.0
0.1.5.1
1.*
1.0.8
2.*
2.1.1
2.2.0
2.2.5
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
3.*
3.0.0
3.0.1
3.0.2
3.1.3
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.5.3
3.6.3
3.7.0
3.7.1
3.7.10
3.7.2
3.7.3
3.7.6
3.7.7
3.8.0
4.*
4.0.0
4.0.1
4.0.10
4.0.5
4.0.8
4.0.9
4.1.4
4.1.5
4.2.0
4.3.1
4.3.2
4.3.3
4.3.7
4.4.1
4.5.0
4.5.1
4.6.1
4.6.2
4.6.4
4.7.0
5.*
5.0.0
5.0.3
5.1.0
5.2.0
5.2.7
5.2.8
5.2.9
5.3.2
5.3.3
5.3.4
5.3.5
5.3.8
5.4.1
5.4.2
5.4.5
5.4.7
5.5.0
5.6.0
5.7.0
6.*
6.1.2
6.3.1
6.4.6
6.4.8
6.4.9
9.*
9.10.0.0
9.10.0.1
9.10.1.0
9.11.0.0
9.11.1.0
9.11.2.0
9.11.3.0
9.11.4.0
9.11.5.0
9.12.0.0
9.12.0.1
9.13.0.0
9.13.1.0
9.14.0.0
9.15.0.0
9.15.1.0
9.15.1.1
9.15.1.2
9.15.2.1
9.15.3.0
9.15.4.0
9.15.5.0
9.16.0.0
9.16.0.1
9.16.0.2
9.16.1.0
9.16.2.0
9.17.0.0
9.18.0.0
9.18.0.1
9.18.0.2
9.18.1.0
9.19.0.0
9.20.0.0
9.21.0.0
9.22.0.0
9.22.1.0
9.24.0.0
9.26.0.0
9.26.1.0
9.26.2.0
9.27.0.2
9.28.0.0
9.28.1.0
9.28.2.0
9.28.3.0
9.29.0.0
9.29.1.0
9.29.2.0
9.29.3.0
9.29.4.0
9.29.5.0
9.29.6.0
9.29.7.0
9.30.0.0
9.30.0.1
9.30.2.0
9.31.0.0
9.31.10.0
9.31.11.0
9.31.8.0
9.32.0.0
9.33.0.0
9.34.0.0
9.34.1.0
9.35.0.0
9.36.1.0
9.37.0.0
9.37.1.0
9.37.1.1
9.37.2.0
9.38.0.0
9.39.0.0
9.40.0.0
9.41.0.0
9.42.0.0
9.42.1.0
9.43.0.0
9.43.1.0
9.43.2.0
9.44.0.0
9.44.0.1
9.44.0.2
9.44.0.3
9.44.0.4
9.44.0.5
9.44.0.6
9.44.0.7
9.44.0.8
9.44.0.9
9.44.1.0
9.44.2.0
9.45.0.0
9.46.0.0
9.46.1.0
9.47.0.0
9.48.0.0
9.48.1.0
9.60.0.0
9.60.1.0
9.61.0.0
9.61.1.0
9.61.1.1
9.61.2.0
9.61.3.0
9.61.4.0
9.61.5.0
9.61.6.0
9.62.0.0
9.63.0.0
9.63.1.0
9.64.1.0
9.64.2.0
9.64.3.0
9.64.3.1
9.64.3.2
9.64.4.0
9.64.5.0
9.65.0.0
9.66.0.0
9.66.0.1
9.66.01
9.66.1.0
9.66.1.1
9.66.2.0
9.67.0.0
9.67.1.0
9.67.2.0
9.68.0.0
9.68.0.1
9.68.1.0
9.68.2.0
9.68.3.0
9.68.4.0
9.69.0.0
9.69.1.0
9.69.2.0
9.69.3.0
9.70.0.0
9.70.1.0
9.70.2.0
9.71.0.0
9.71.0.1
9.71.0.10
9.71.0.11
9.71.0.12
9.71.0.13
9.71.0.14
9.71.0.15
9.71.0.2
9.71.0.26
9.71.0.27
9.71.0.4
9.71.0.5
9.71.0.6
9.71.1.1
9.72.0.0
9.73.0.0
9.73.0.1
9.73.2.0
9.73.3.0
9.74.0.0
9.74.1.0
9.74.2.0
9.75.0.0
9.76.0.0
9.76.0.1
9.76.1.0
9.76.2.0
9.76.3.0
9.77.0.0
9.78.0.1
9.78.1.0
9.79.0.0
9.8.0.1
9.8.0.3
9.8.1.0
9.8.2.0
9.8.3.0
9.80.0.0
9.80.1.0
9.81.0.0
9.81.0.1
9.81.1.0
9.81.2.0
9.81.3.0
9.82.0.0
9.83.0.0
9.83.1.0
9.84.0.0
9.84.1.0
9.84.2.0
9.84.3.0
9.85.0.0
9.85.0.1
9.86.0.0
9.86.0.1
9.86.1.0
9.86.2.0
9.87.0.0
9.87.0.1
9.9.0.0
Other
push

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0937.json"