3 matches found
CVE-2023-5468
creationtimestamp| type| source ---|---|--- 2023-10-10 12:30:00+00:00| seen| https://t.me/cibsecurity/71897...
CVE-2023-5468 Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5468
Slick Contact Forms (WordPress) is vulnerable to Stored XSS via the dcscf-link shortcode in versions up to 1.3.7 due to insufficient input sanitization and output escaping. Exploitation requires attacker with contributor-level or higher permissions, and the vulnerability can cause arbitrary scrip...