CVE-2023-27426

MEDIUM

NotifyVisitors < 1.0 - Authenticated Stored Cross-Site Scripting

Title source: llm

EIP tracks 1 public exploit for CVE-2023-27426. PoCs published by Pavak-hash.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

github NO CODE

by Pavak-hash · poc

Core 1

Core References

Third Party Advisory vdb-entry

CVSS v3 5.9

EPSS 0.0037

EPSS Percentile 28.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-79

Status published

Products (2)

notifyvisitors/notifyvisitors < 1.0

Notifyvisitors/NotifyVisitors < 1.0

Published Aug 30, 2023

Tracked Since Feb 18, 2026