HTML filter and csv-file search < 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2023-5096

The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cross site scripting

The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

HTML filter and csv-file search < 2.8 - Contributor+ Local File Inclusion

Description The plugin does not properly sanitize and validate the 'src' attribute of the 'csvsearch' shortcode, leading to a Local File Inclusion vulnerability...

CVE-2023-5099

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...

CVE-2023-5099

CVE-2023-5099 describes a Local File Inclusion vulnerability in the WordPress plugin HTML filter and csv-file search . Up to version 2.7, the plugin fails to sanitize the src attribute of the csvsearch shortcode, allowing authenticated users with contributor permissions or higher to include and e...

CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...

WordPress Plugin HTML filter and csv-file search security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)

Software HTML filter and csv-file search Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5096 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 370de6af1adf Credits Alex Thomas...

WordPress HTML filter and csv-file search Plugin <= 2.7 is vulnerable to Local File Inclusion

Software HTML filter and csv-file search Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-5099 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 9f90341966c7 Credits Alex Thomas Required privilege...