Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.7 views

CVE-2023-0212

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4CVSS5.5AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/06 1:34 p.m.35 views

CVE-2023-0212 Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.5AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/03/06 1:34 p.m.56 views

CVE-2023-0212

CVE-2023-0212 affects the Advanced Recent Posts WordPress plugin (versions 0.6.14 and earlier). The issue is that certain shortcode attributes are not validated or escaped before being output in posts/pages, enabling stored XSS if a user with contributor privileges or higher views the page. The v...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/03/03 12:0 a.m.11 views

WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Recent Posts Type Plugin Vulnerable versions = 0.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0212 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 40ae855e2918 Credits Lana Codes...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder