3 matches found
WordPress Weaver Xtreme Theme Support Plugin <= 6.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0276 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 323a045198cd Credits István...
CVE-2023-0276
creationtimestamp| type| source ---|---|--- 2023-04-24 22:25:00+00:00| seen| https://t.me/cibsecurity/62760...
CVE-2023-0276
The CVE concerns the Weaver Xtreme Theme Support WordPress plugin prior to 6.2.7, where certain shortcode attributes are not validated or escaped before being echoed into pages/posts. This leads to a Stored Cross-Site Scripting (Stored XSS) risk when a user with the contributor role (or higher) e...