CVE-2023-7084 - Vulnerability Details - OpenCVE

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Davidjmiller	Voting Record

Configuration 1 [-]

cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://magos-securitas.com/txt/CVE-2023-7084.txt
https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/

History

Fri, 20 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-16T15:57:03.277Z

Updated: 2025-06-20T17:23:27.788Z

Reserved: 2023-12-22T19:02:36.893Z

Link: CVE-2023-7084

Vulnrichment

Updated: 2024-08-02T08:50:07.797Z

NVD

Status : Modified

Published: 2024-01-16T16:15:14.023

Modified: 2025-06-20T18:15:24.563

Link: CVE-2023-7084

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7084", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-12-22T19:02:36.893Z", "datePublished": "2024-01-16T15:57:03.277Z", "dateUpdated": "2025-06-20T17:23:27.788Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-02-05T21:23:01.742Z"}, "title": "Voting Record <= 2.0 - Subscriber+ Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Voting Record", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "2.0"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks"}], "references": [{"url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://magos-securitas.com/txt/CVE-2023-7084.txt"}], "credits": [{"lang": "en", "value": "Daniel Ruf", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.797Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://magos-securitas.com/txt/CVE-2023-7084.txt", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-18T17:24:09.414304Z", "id": "CVE-2023-7084", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T17:23:27.788Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://magos-securitas.com/txt/CVE-2023-7084.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.797Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-7084", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-18T17:24:09.414304Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-20T17:23:22.530Z"}}], "cna": {"title": "Voting Record <= 2.0 - Subscriber+ Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Daniel Ruf"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Voting Record", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://magos-securitas.com/txt/CVE-2023-7084.txt"}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-02-05T21:23:01.742Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7084", "state": "PUBLISHED", "dateUpdated": "2025-06-20T17:23:27.788Z", "dateReserved": "2023-12-22T19:02:36.893Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-01-16T15:57:03.277Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5618CD85-545A-47B3-A1E9-13091C2C8EE9", "versionEndIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks"}, {"lang": "es", "value": "Al complemento Voting Record de WordPress hasta la versi\u00f3n 2.0 le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a cualquier usuario autenticado, como un suscriptor, realizar ataques de XSS almacenado."}], "id": "CVE-2023-7084", "lastModified": "2025-06-20T18:15:24.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-16T16:15:14.023", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://magos-securitas.com/txt/CVE-2023-7084.txt"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://magos-securitas.com/txt/CVE-2023-7084.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5e51e239-919b-4e74-a7ee-195f3817f907/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}