Lucene search
WPScanCVELIST:CVE-2023-6530HistoryJan 29, 2024 - 2:44 p.m.
CVE-2023-6530 TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
2024-01-2914:44:23
WPScan
www.cve.org
5
cve-2023-6530
wordpress
stored xss
EPSS
0
Percentile
14.0%
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CNA Affected
[
{
"vendor": "Unknown",
"product": "TJ Shortcodes",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.1.3"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
2024-01-03 00:00:00
nvd
nvd
CVE-2023-6530
2024-01-29 15:15:09
CVE-2023-5619
2024-01-04 20:15:25
cve
cve
CVE-2023-6530
2024-01-29 15:15:09
CVE-2023-5619
2024-01-04 20:15:25
prion
prion
Cross site scripting
2024-01-29 15:15:00
wpexploit
wpexploit
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
2024-01-03 00:00:00
wordfence
wordfence