cleantalk
Vulnerabilities and Security Researches

BSK PDF Manager, CVE-2023-5110

CVE, Research URL

CVE-2023-5110

Home page URL

Security reports for BSK PDF Manager

Application

BSK PDF Manager

Published on
Oct 25, 2023
Research Description
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.4.2.
Status
vulnerable
Previous vulnerability researches
BSK PDF Manager (CVE-2021-24860) , Jun 07, 2024
BSK PDF Manager (CVE-2014-4944) , Jun 07, 2024
BSK PDF Manager (CVE-2023-5110) , Jun 07, 2024
BSK PDF Manager (CVE-2024-38767) , Jul 19, 2024
BSK PDF Manager (CVE-2024-4367) , Jul 22, 2024
New vulnerability
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
Category Widget (CVE-2025-46515) , May 07, 2025
Search Exclude (CVE-2025-2821) , May 07, 2025
IGIT Related Posts With Thumb Image After Posts (CVE-2025-46518) , May 07, 2025