cleantalk
Vulnerabilities and Security Researches

Sitekit, CVE-2023-5071

CVE, Research URL

CVE-2023-5071

Home page URL

Security reports for Sitekit

Application

Sitekit

Published on
Oct 20, 2023
Research Description
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.5.
Status
vulnerable
Previous vulnerability researches
Sitekit (CVE-2023-27628) , Jun 07, 2024
Sitekit (CVE-2023-5071) , Jun 07, 2024
Sitekit (CVE-2024-29111) , Jun 07, 2024
Sitekit (CVE-2025-30776) , Mar 28, 2025
New vulnerability
CF7 Spreadsheets (CVE-2025-31536) , Apr 05, 2025
Awesome Logos (CVE-2025-31899) , Apr 05, 2025
Flickr Photostream (CVE-2025-31467) , Apr 05, 2025
CM Header & Footer Script Loader – Insert Script Plugin (CVE-2025-31091) , Apr 05, 2025
Minimalistic Event Manager (CVE-2025-31739) , Apr 05, 2025