3 matches found
CVE-2023-0373
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0373 Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Lightweight Accordion Plugin < 1.5.15 is vulnerable to Cross Site Scripting (XSS)
Software Lightweight Accordion Type Plugin Vulnerable versions 1.5.15 Fixed in 1.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0373 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 695900d7d8e2 Credits István Márto...