5 matches found
CVE-2023-0252
The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0252 Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS
The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0252
CVE-2023-0252 concerns the WordPress plugin “Contextual Related Posts” prior to v3.3.1. The vulnerability stems from not validating/escapING certain block options before rendering them in a page/post where the block is embedded, enabling a stored XSS by users with the contributor role or higher. ...
CVE-2023-0252 Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS
The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Contextual Related Posts Plugin < 3.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Contextual Related Posts Type Plugin Vulnerable versions 3.3.1 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0252 Patch priority Medium CVSS severity Medium 6.3 Developer WebberZone PSID bc7f8f79c949 Credits István Márton...