CVE-2023-0372

🗓️ 21 Feb 2023 09:12:15Reported by [email protected]Type

The EmbedStories WordPress plugin fails to validate shortcode attributes, enabling Stored Cross-Site Scripting attacks

Reporter	Title	Published	Views	Family All 8
Prion	Cross site scripting	21 Feb 202309:15	–	prion
Vulnrichment	CVE-2023-0372 EmbedStories < 0.7.5 - Contributor+ Stored XSS	21 Feb 202308:50	–	vulnrichment
Cvelist	CVE-2023-0372 EmbedStories < 0.7.5 - Contributor+ Stored XSS	21 Feb 202308:50	–	cvelist
wpexploit	EmbedStories < 0.7.5 - Contributor+ Stored XSS	30 Jan 202300:00	–	wpexploit
WPVulnDB	EmbedStories < 0.7.5 - Contributor+ Stored XSS	30 Jan 202300:00	–	wpvulndb
Patchstack	WordPress EmbedStories Plugin < 0.7.5 is vulnerable to Cross Site Scripting (XSS)	31 Jan 202300:00	–	patchstack
CVE	CVE-2023-0372	21 Feb 202309:15	–	cve
Wordfence Blog	Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)	9 Feb 202315:31	–	wordfence

Nvd

Node

embedsocial embedstoriesRange<0.7.5wordpress

Source	Link
wpscan	www.wpscan.com/vulnerability/9cf90ad8-4aa4-466c-a33e-4f2706815765

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 09:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS35.4

EPSS0.00054