Lucene search
WPScanCVELIST:CVE-2023-0033HistoryJan 30, 2023 - 8:31 p.m.
CVE-2023-0033 PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode
2023-01-3020:31:53
WPScan
www.cve.org
1
cve-2023-0033
pdf viewer
wordpress plugin
stored xss
shortcode
contributor
cross-site scripting
EPSS
0.001
Percentile
25.5%
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CNA Affected
[
{
"vendor": "Unknown",
"product": "PDF Viewer",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.0.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2023-0033
2023-01-30 21:15:13
nvd
nvd
CVE-2023-0033
2023-01-30 21:15:13
wpexploit
wpexploit
PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode
2023-01-03 00:00:00
prion
prion
Cross site scripting
2023-01-30 21:15:00
wpvulndb
wpvulndb
PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode
2023-01-03 00:00:00