4 matches found
CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0097 Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0097
CVE-2023-0097 concerns the WordPress plugin Post Grid, Post Carousel, & List Category Posts (versions prior to 2.4.19). The issue arises because the plugin does not validate or escape certain block options before outputting them when the block is embedded, enabling Stored Cross-Site Scripting for...
WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.4.19 is vulnerable to Cross Site Scripting (XSS)
Software Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Type Plugin Vulnerable versions 2.4.19 Fixed in 2.4.19 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0097 Patch priority Medium CVSS severity Medium 6.5 Developer Claim...