Cross site scripting

🗓️ 19 Oct 2023 02:15:00Reported by PRIOn knowledge baseType

The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-5639	19 Oct 202307:34	–	circl
CNNVD	WordPress plugin Team Showcase cross-site scripting vulnerability	19 Oct 202300:00	–	cnnvd
CVE	CVE-2023-5639	19 Oct 202301:53	–	cve
Cvelist	CVE-2023-5639 Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	19 Oct 202301:53	–	cvelist
EUVD	EUVD-2023-57932	3 Oct 202520:07	–	euvd
NVD	CVE-2023-5639	19 Oct 202302:15	–	nvd
Patchstack	WordPress Team Showcase Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)	19 Oct 202300:00	–	patchstack
RedhatCVE	CVE-2023-5639	23 May 202502:40	–	redhatcve
Vulnrichment	CVE-2023-5639	19 Oct 202301:53	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023)	26 Oct 202318:41	–	wordfence

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4
plugins	www.plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php
plugins	www.plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php
plugins	www.plugins.trac.wordpress.org/changeset/2980614/team-showcase

25 Oct 2023 15:14Current

5.2Medium risk

Vulners AI Score5.2

EPSS0.00092