CVE-2023-0174

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0174

creationtimestamp| type| source ---|---|--- 2025-03-25 21:25:29+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8780...

CVE-2023-0174 WP VR < 8.2.7 - Contributor+ Stored XSS

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0174

The WP VR WordPress plugin is affected: older releases before 8.2.7 do not validate or escape some shortcode attributes when rendering, enabling Stored XSS on pages/posts containing the shortcode for users with the Contributor role or higher. Remediation: upgrade to version 8.2.7 (fixed).

WordPress WP VR Plugin < 8.2.7 is vulnerable to Cross Site Scripting (XSS)

Software WP VR Type Plugin Vulnerable versions 8.2.7 Fixed in 8.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0174 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cc58a857921 Credits Lana Codes Required privilege...