2 matches found
CVE-2023-0082
The CVE-2023-0082 entry concerns the ExactMetrics WordPress plugin prior to version 7.12.1. The vulnerability is a Stored XSS flaw caused by inadequate validation and escaping of certain block options before they are output in pages or posts where the block is embedded. The risk affects users wit...
CVE-2023-0082 ExactMetrics < 7.12.1 - Contributor+ Stored XSS
The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...