3 matches found
CVE-2023-0066 Companion Sitemap Generator <= 4.5.1.1 - Contributor+ Stored XSS
The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2023-0066 Companion Sitemap Generator <= 4.5.1.1 - Contributor+ Stored XSS
The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2023-0066
The CVE-2023-0066 entry refers to the Companion Sitemap Generator WordPress plugin (versions up to 4.5.1.1). The root cause is failure to validate and escape certain shortcode attributes, which can enable Stored XSS when the shortcode is embedded in a page/post by users with contributor+ privileg...