Unrated severityNVD Advisory· Published Mar 20, 2023· Updated Feb 25, 2025
VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
CVE-2023-0937
Description
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <9.87.1.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5110ff02-c721-43eb-b13e-50aca25e1162mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.