Lucene search
K

4 matches found

OSV
OSV
added 2023/03/06 2:15 p.m.4 views

CVE-2023-0165

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
NVD
NVD
added 2023/03/06 2:15 p.m.15 views

CVE-2023-0165

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/06 1:34 p.m.20 views

CVE-2023-0165 Cost Calculator <= 1.8 - Contributor+ Stored XSS

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/03/06 1:34 p.m.51 views

CVE-2023-0165

CVE-2023-0165 affects the Cost Calculator WordPress plugin (versions 1.8 and earlier). The vulnerability arises from lack of validation/escaping of shortcode attributes, allowing Stored XSS via shortcodes embedded in posts/pages by users with contributor+ roles. Affected component: shortcode attr...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder