4 matches found
CVE-2023-0374
creationtimestamp| type| source ---|---|--- 2023-04-17 16:42:07+00:00| seen| https://t.me/cibsecurity/62290...
CVE-2023-0374 W4 Post List < 2.4.6 - Contributor+ Stored XSS
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0374 W4 Post List < 2.4.6 - Contributor+ Stored XSS
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0374
CVE-2023-0374 affects the W4 Post List WordPress plugin prior to version 2.4.6. The vulnerability arises from insufficient validation/escaping of block options before output in a page/post where the block is embedded, enabling Stored XSS by users with Contributor+ privileges. Public details from ...