CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode

2023-11-2018:16:57

CWE-79

GitHub_M

www.cve.org

cve-2023-48300; wordpress; stored cross-site scripting; input sanitization; output escaping; contributor-level permissions; patch

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

19.1%

JSON

The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embed_privacy_opt_out shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.

CNA Affected

[
  {
    "vendor": "epiphyt",
    "product": "embed-privacy",
    "versions": [
      {
        "version": "< 1.8.1",
        "status": "affected"
      }
    ]
  }
]