Lucene search
K

4 matches found

nvd
nvd
added 2023/02/13 3:15 p.m.29 views

CVE-2023-0333

The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.0049EPSS
Exploits2References1
cvelist
cvelist
added 2023/02/13 2:32 p.m.32 views

CVE-2023-0333 TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS

The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.0049EPSS
Exploits2References1
cve
cve
added 2023/02/13 2:32 p.m.57 views

CVE-2023-0333

The CVE-2023-0333 entry concerns the TemplatesNext ToolKit WordPress plugin prior to version 3.2.9. The issue is that the plugin does not validate some shortcode attributes before using them to generate HTML tags, enabling Stored Cross-Site Scripting (XSS) when an attacker with Contributor privil...

5.4CVSS5.3AI score0.0049EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2023/02/13 2:32 p.m.7 views

CVE-2023-0333 TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS

The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.0049EPSS
Exploits2References1
Rows per page
Query Builder