4 matches found
CVE-2023-0363
The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0363 Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS
The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0363 Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS
The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0363
CVE-2023-0363 affects the Scheduled Announcements Widget WordPress plugin prior to 1.0. The root cause is insufficient validation/escaping of shortcode attributes, allowing Stored Cross-Site Scripting when the shortcode is embedded in a page or post. Exploitation potential requires Contributor+ p...