Security Advisory

CVE-2023-6529

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-08 19:00:26

Last updated 2025-06-18 16:50:52

Assigner WPScan

State PUBLISHED

Description

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

← Browse all CVEs View on cve.org ↗