Lucene search
K

4 matches found

NVD
NVD
added 2023/02/13 3:15 p.m.46 views

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00526EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.40 views

CVE-2023-0362 Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00526EPSS
Exploits2References1
CVE
CVE
added 2023/02/13 2:32 p.m.55 views

CVE-2023-0362

The CVE-2023-0362 entry concerns the WordPress plugin Themify Portfolio Post (before 1.2.2). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by not validating/escaping certain shortcode attributes before output in posts/pages, enabling users with the Contributor role and abov...

5.4CVSS5.3AI score0.00526EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/01/19 12:0 a.m.14 views

WordPress Themify Portfolio Post Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Themify Portfolio Post Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0362 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c14d4085b20e Credits Lana Codes...

5.4CVSS5.9AI score0.00526EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder