5 matches found
CVE-2023-0526
The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0526 Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting
The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0526
The CVE-2023-0526 entry applies to the WordPress plugin Post Shortcode, affecting versions up to 2.0.9. The root cause is that the plugin does not validate and escape certain shortcode attributes before output, enabling Stored Cross‑Site Scripting by users with the contributor role or higher when...
CVE-2023-0526 Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting
The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Post Shortcode Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Post Shortcode Type Plugin Vulnerable versions = 2.0.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0526 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 623dba0711b0 Credits István Márton Require...