Lucene search
K

9 matches found

Patchstack
Patchstack
added 2026/02/03 9:11 a.m.7 views

WordPress GS Books Showcase plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Books Showcase versions = 1.3.1...

6.4CVSS5.3AI score0.00345EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.6 views

CVE-2023-0541

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.8CVSS5.1AI score0.00608EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.6 views

CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00608EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/21 8:50 a.m.23 views

CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00608EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:50 a.m.47 views

CVE-2023-0541

GS Books Showcase WordPress plugin prior to 1.3.1 is vulnerable to Stored XSS via shortcode attributes (requires Contributor+). Patchfix: upgrade to version 1.3.1 or later, which resolves the issue per Patchstack entry for CVE-2023-0541.

6.8CVSS5.5AI score0.00608EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.3 views

WordPress plugin GS Books Showcase 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8CVSS6.4AI score0.00608EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/31 12:0 a.m.13 views

WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...

6.8CVSS5.6AI score0.00608EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.73 views

GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gsbookshowcase theme='" onmouseover="alert1...

6.8CVSS5.2AI score0.00608EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.13 views

GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC gsbookshowcase theme='"...

6.8CVSS5.1AI score0.00608EPSS
Exploits2Affected Software1
Rows per page
Query Builder