4 matches found
CVE-2023-0165
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0165
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0165 Cost Calculator <= 1.8 - Contributor+ Stored XSS
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0165
CVE-2023-0165 affects the Cost Calculator WordPress plugin (versions 1.8 and earlier). The vulnerability arises from lack of validation/escaping of shortcode attributes, allowing Stored XSS via shortcodes embedded in posts/pages by users with contributor+ roles. Affected component: shortcode attr...