Lucene search
+L

4 matches found

NVD
NVD
added 2023/04/10 2:15 p.m.27 views

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/10 1:17 p.m.5 views

CVE-2023-0363 Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.3AI score0.00444EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/04/10 1:17 p.m.32 views

CVE-2023-0363 Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.5AI score0.00444EPSS
Exploits2References1
CVE
CVE
added 2023/04/10 1:17 p.m.59 views

CVE-2023-0363

CVE-2023-0363 affects the Scheduled Announcements Widget WordPress plugin prior to 1.0. The root cause is insufficient validation/escaping of shortcode attributes, allowing Stored Cross-Site Scripting when the shortcode is embedded in a page or post. Exploitation potential requires Contributor+ p...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder