6 matches found
CVE-2023-0212
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-0212
creationtimestamp | type | source
---|---|---
2023-03-06 16:12:51+00:00 | seen | https://t.me/cibsecurity/59477
2025-03-08 04:34:10+00:00 | seen | Telegram/SAsgFKMlXhfG1zoDDCzbRrGKILsf3kl1bMbdwSMNbPXvkgQ1...
CVE-2023-0212
CVE-2023-0212 affects the Advanced Recent Posts WordPress plugin (versions 0.6.14 and earlier). The issue is that certain shortcode attributes are not validated or escaped before being output in posts/pages, enabling stored XSS if a user with contributor privileges or higher views the page. The v...
CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)
Field | Value
---|---
Software | Advanced Recent Posts
Type | Plugin
Vulnerable versions | = 0.6.14
Fixed in | N/A
OWASP Top 10 | A7: Cross-Site Scripting XSS
Classification | Cross Site Scripting XSS
CVE | CVE-2023-0212
Patch priority | Medium
CVSS severity | Medium 6.5
Developer | Claim ownership
PSID | 40ae855e2918
Credits | Lana Codes...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0212)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0212 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway SSG...