3 matches found
CVE-2023-0170
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0170
The CVE-2023-0170 entry documents an XSS vulnerability in the WordPress Html5 Audio Player plugin prior to version 2.1.12. The issue arises because the plugin does not validate and escape certain shortcode attributes before embedding them in pages/posts, enabling users with the Contributor role o...